When an attacker executes SQL Injection attacks sometimes the server
responds with error messages
from the database server complaining that the SQL Query’s syntax is
incorrect. Blind SQL injection is identical to normal SQL Injection
except that when an attacker attempts to exploit an application rather
then getting a useful error message they get a generic page specified
by the developer instead. This makes exploiting a potential SQL
Injection attack more difficult but not impossible. An attacker can
still steal data
by asking a series of True and False questions through sql statements.
Additional information on SQL injection including useful articles and links can be found at our SQL Injection page below
http://www.cgisecurity.com/development/sql.shtml
Also See ‘SQL Injection’
What is SQL Injection?
