Introduction to Blind SQL Injection
Blind SQL Injection, also known as Inferential SQLi, is a type of injection attack where the attacker does not receive any data or error messages directly from the database in the application's response.
Instead, the attacker must infer the database structure and its contents by observing the application's behavior in response to carefully crafted queries. This is a slower but equally dangerous form of SQLi.
When to Use Blind SQLi
This technique is necessary when:
- The application has been configured to suppress database errors.
- The vulnerable query does not return its results within the HTTP response.
Core Methodology
The fundamental approach is to ask the database a series of "true or false" questions and monitor the application's response. A difference in the response—whether in the content of the page or the time it takes to load—indicates the answer to the question.
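The following is an added example (not code from the original page) that shows, in Python with an in-memory SQLite database, why a response difference exists at all: a lookup that splices user input into the SQL text answers a "true or false" condition differently, while the same lookup written with a bound parameter returns the identical "not found" response for both inputs, so there is nothing to infer from. The product table, the `lookup_vulnerable`/`lookup_hardened` functions and the two crafted inputs are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory catalogue; sample data for this example only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("1", "Widget"), ("2", "Gadget")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, product_id):
    """Vulnerable form: the input is concatenated into the SQL text, so any
    quotes and operators it contains become part of the query."""
    sql = "SELECT name FROM products WHERE id = '" + product_id + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else "Product not found"


def lookup_hardened(conn, product_id):
    """Hardened form: a bound parameter is always one literal value, never
    query syntax, whatever characters it contains."""
    sql = "SELECT name FROM products WHERE id = ?"
    row = conn.execute(sql, (product_id,)).fetchone()
    return row[0] if row else "Product not found"


# Constructed inputs in the shape the page describes: a valid id followed by a
# condition the database evaluates as TRUE, and one it evaluates as FALSE.
TRUE_CONDITION = "1' AND '1'='1"
FALSE_CONDITION = "1' AND '1'='2"


def oracle_exists(lookup):
    """True when the two inputs yield different responses, i.e. the endpoint
    leaks a boolean answer that an attacker could use as an oracle."""
    conn = make_db()
    return lookup(conn, TRUE_CONDITION) != lookup(conn, FALSE_CONDITION)


if __name__ == "__main__":
    print("vulnerable endpoint leaks a boolean:", oracle_exists(lookup_vulnerable))
    print("hardened endpoint leaks a boolean: ", oracle_exists(lookup_hardened))
```

Running the script prints `True` for the concatenated query and `False` for the parameterized one. The hardened lookup does not work by filtering characters; it removes the oracle because the condition text is compared as a product id and simply does not match.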
Types of Blind SQL Injection
There are two primary techniques for performing Blind SQLi:
- Boolean-Based Blind SQLi: The application responds differently when a query evaluates to TRUE versus FALSE (e.g., a "Welcome back!" message appears or disappears).
- Time-Based Blind SQLi: The application's response time is manipulated by injecting commands that cause the database to delay its response if a condition is TRUE. This is used when there is no observable difference in the page content.
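Because both techniques leave traces in ordinary web server logs (a boolean condition in a parameter, a delay function in a parameter, or an unusually slow response), a defender can look for them after the fact. The following added example (not from the original page) scans constructed access-log lines for the two patterns above. The log layout is assumed to be common-log format with a trailing request duration in milliseconds, the delay-function names are the usual ones each database engine documents, and the 3000 ms "slow" threshold is an arbitrary value for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample traffic (not real logs): a normal request, a request
# carrying a boolean condition, a request carrying a delay call that also
# took ~5 s to answer, and another normal request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /product?id=1 HTTP/1.1" 200 512 42
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /product?id=1%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512 40
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /product?id=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 5041
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /product?id=2 HTTP/1.1" 200 498 38
"""

# Assumed layout: common-log fields followed by the response time in ms.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ms>\d+)$'
)

# Delay functions used by time-based probes (MySQL, PostgreSQL, SQL Server).
TIME_DELAY_RE = re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay", re.I)
# AND/OR followed by a simple comparison, the shape of a boolean-based probe.
BOOLEAN_RE = re.compile(r"""(\band\b|\bor\b)\s*['"]?\w+['"]?\s*=\s*['"]?\w+['"]?""", re.I)

SLOW_MS = 3000  # assumed threshold for a suspiciously slow response


def classify(line):
    """Parse one log line and return a dict with any findings, or None if the
    line does not match the expected layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding so the patterns see the query as the database did.
    query = unquote_plus(m.group("path"))
    findings = []
    if TIME_DELAY_RE.search(query):
        findings.append("time-based-payload")
    elif BOOLEAN_RE.search(query):
        findings.append("boolean-based-payload")
    if int(m.group("ms")) >= SLOW_MS:
        findings.append("slow-response")
    return {"ip": m.group("ip"), "path": query, "findings": findings}


def scan(log_text):
    """Return the parsed records that carry at least one finding."""
    records = (classify(line) for line in log_text.splitlines())
    return [r for r in records if r and r["findings"]]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["findings"], hit["path"])
```

On the sample above the scanner flags the second line as a boolean-based probe and the third as a time-based probe that was also slow; the two ordinary lookups produce no findings. In practice the payload patterns are a starting point rather than a complete signature set, and the response-time check is what catches delay probes whose syntax the regex does not know.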