Blind SQL Injection
It is nearly same as normal SQL injection but the difference is that it retrieved the data from the database. It asks a true and false question to the victim. An attacker force to steal the data by asking the question.
This attack is used when a web application is shown as a generic error message.
Two type of Blind SQL Injection
1. Boolean based
2. Time-based
Boolean Based:- This technique is sending a SQL query to the database which forces the different result in a True false form.
Time-based:- This technique is sending a SQL query to the database which forces the database to wait a specified time period. This allows to an attacker to inject payload used returned true or false, even though no data from the database is returned.
Defend:
‘(Escape the single quote)= replace(input,””,””)
“(double quote)= replace(input,”””,””)
‘ ‘(close parenthesis)= replace(input,”’”,””)
;(semi-colon)
-(dash)
No comments:
Post a Comment