https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Jolascoaga OWASP - User contributions [en] 2026-04-24T11:47:15Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Blind_SQL_Injection&diff=14497 Blind SQL Injection 2006-12-20T10:44:10Z <p>Jolascoaga: /* Description */</p> <hr /> <div>{{Template:Attack}}<br /> <br /> ==Description==<br /> Blind SQL injection is identical to normal [[SQL injection]], however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working '&lt;i&gt;blindly&lt;/i&gt;.'<br /> <br /> <br /> '''Online Resources'''<br /> * [http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf more Advanced SQL Injection] - by NGS<br /> * [http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdf Blind SQL Injection Automation Techniques] - Black Hat Pdf<br /> * [http://seclists.org/lists/bugtraq/2005/Feb/0288.html Blind Sql-Injection in MySQL Databases]<br /> * [http://www.cgisecurity.com/questions/blindsql.shtml Cgisecurity.com: What is Blind SQL Injection?]<br /> * [http://www.securitydocs.com/library/2651 Blind SQL Injection]<br /> * http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf<br /> * http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html<br /> * [http://wcsc.myweb.usf.edu/tutorials/SQL_Injection.ppt SQL Injection Attacks]<br /> <br /> '''Tools'''<br /> * [http://www.sqlpowerinjector.com/ SQL Power Injector]<br /> * [http://www.0x90.org/releases/absinthe/ [Absinthe :: Automated Blind SQL Injection] // ver1.3.1<br /> * [http://www.securiteam.com/tools/5IP0L20I0E.html SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer] in Python<br /> * [http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project SQLiX - SQL Injection Scanner] in Perl<br /> * [http://sqlmap.sourceforge.net sqlmap, a blind SQL injection tool] in Python<br /> * [http://www.514.es/2006/12/inyeccion_de_codigo_bsqlbf12th.html bsqlbf, a blind SQL injection tool] in Perl<br /> <br /> ==Examples ==<br /> <br /> ==Related Threats==<br /> <br /> ==Related Attacks==<br /> <br /> ==Related Problems==<br /> * [[Injection problem]]<br /> <br /> ==Related Countermeasures==<br /> <br /> ==Categories==<br /> [[Category:Attack]]<br /> [[Category:Injection Attack]]<br /> [[Category:OWASP_CLASP_Project]]<br /> [[Category:OWASP_SQLiX_Project]]<br /> [[Category:Code Snippet]]<br /> [[Category:Java]]<br /> [[Category:SQL]]</div> Jolascoaga https://wiki.owasp.org/index.php?title=Blind_SQL_Injection&diff=14496 Blind SQL Injection 2006-12-20T10:43:10Z <p>Jolascoaga: /* Description */</p> <hr /> <div>{{Template:Attack}}<br /> <br /> ==Description==<br /> Blind SQL injection is identical to normal [[SQL injection]], however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working '&lt;i&gt;blindly&lt;/i&gt;.'<br /> <br /> <br /> '''Online Resources'''<br /> * [http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf more Advanced SQL Injection] - by NGS<br /> * [http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdf Blind SQL Injection Automation Techniques] - Black Hat Pdf<br /> * [http://seclists.org/lists/bugtraq/2005/Feb/0288.html Blind Sql-Injection in MySQL Databases]<br /> * [http://www.cgisecurity.com/questions/blindsql.shtml Cgisecurity.com: What is Blind SQL Injection?]<br /> * [http://www.securitydocs.com/library/2651 Blind SQL Injection]<br /> * http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf<br /> * http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html<br /> * [http://wcsc.myweb.usf.edu/tutorials/SQL_Injection.ppt SQL Injection Attacks]<br /> <br /> '''Tools'''<br /> * [http://www.sqlpowerinjector.com/ SQL Power Injector]<br /> * [http://www.0x90.org/releases/absinthe/ [Absinthe :: Automated Blind SQL Injection] // ver1.3.1<br /> * [http://www.securiteam.com/tools/5IP0L20I0E.html SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer] in Python<br /> * [http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project SQLiX - SQL Injection Scanner] in Perl<br /> * [http://sqlmap.sourceforge.net sqlmap, a blind SQL injection tool] in Python<br /> * [http://www.514.es/2006/12/inyeccion_de_codigo_bsqlbf12th.html, a blind SQL injection tool] in Perl<br /> <br /> ==Examples ==<br /> <br /> ==Related Threats==<br /> <br /> ==Related Attacks==<br /> <br /> ==Related Problems==<br /> * [[Injection problem]]<br /> <br /> ==Related Countermeasures==<br /> <br /> ==Categories==<br /> [[Category:Attack]]<br /> [[Category:Injection Attack]]<br /> [[Category:OWASP_CLASP_Project]]<br /> [[Category:OWASP_SQLiX_Project]]<br /> [[Category:Code Snippet]]<br /> [[Category:Java]]<br /> [[Category:SQL]]</div> Jolascoaga