
Will explains what a Blind SQL injection is

In this week’s episode, William Hall follows up last week’s Jargon Buster about SQL injection and talks about Blind SQL injection.

“Blind SQL injection is a complicated topic, but to simplify, one example we can give you would be that it is a condition whereby an application backend database reacts differently with a true or false response based on user input. With additional analysis and heuristics from the server response, we can glean and extract information from the database. Whilst this can be a slow technique for exfiltrating data, it can be useful for extracting small snippets of information such as the table names and administrative password hashes. Given enough time, an entire database can be enumerated using blind SQL injection.”
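
The true/false behaviour described above can be reproduced in a test harness. The following is an added example, not code from the episode: it places a handler that concatenates input into its query beside a parameterized one, and checks whether the response differs between an always-true and an always-false condition. The table, handler names and status strings are hypothetical, and the data is constructed.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'widget')")
    return db


def page_vulnerable(db, product_id):
    # Weak: user input is concatenated into the SQL text, so a condition
    # supplied in the input becomes part of the WHERE clause.
    sql = "SELECT name FROM products WHERE id = " + product_id
    row = db.execute(sql).fetchone()
    # No query output or error is shown, only found / not found.
    return "200 found" if row else "404 not found"


def page_hardened(db, product_id):
    # Fixed: reject non-numeric input, then bind the value as a parameter
    # so the database only ever treats it as data.
    try:
        value = int(product_id)
    except ValueError:
        return "400 bad request"
    row = db.execute(
        "SELECT name FROM products WHERE id = ?", (value,)
    ).fetchone()
    return "200 found" if row else "404 not found"


def leaks_boolean(page, db):
    # Regression check: does the response change with the truth of a
    # condition appended to an otherwise valid id?
    return page(db, "1 AND 1=1") != page(db, "1 AND 1=2")


if __name__ == "__main__":
    print("vulnerable handler leaks:", leaks_boolean(page_vulnerable, make_db()))
    print("hardened handler leaks:  ", leaks_boolean(page_hardened, make_db()))
```

A check like `leaks_boolean` fits in a regression suite: any handler for which it returns true is answering yes/no questions about the database on behalf of whoever controls the input.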