What is Blind SQL Injection?

When an attacker executes SQL Injection attacks sometimes the server responds with error messages from the database server complaining that the SQL Query's syntax is incorrect. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements.

Additional information on SQL injection including useful articles and links can be found at our SQL Injection page below http://www.cgisecurity.com/development/sql.shtml

Also See 'SQL Injection'
What is SQL Injection?


Feed You can follow this conversation by subscribing to the comment feed for this post.

Post a comment

Remember personal info?