Difference between revisions of "Blind SQL Injection"

Revision as of 10:09, 15 September 2006

This is an Attack. To view all attacks, please see the Attack Category page.

Description

Blind SQL injection is identical to normal SQL injection, however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working 'blindly.'

Online Resources

Tools

SQL Power Injector
[Absinthe :: Automated Blind SQL Injection // ver1.3.1
SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer in Python
SQLiX - SQL Injection Scanner in Perl

Revision as of 22:42, 30 August 2006 (view source) Cturra (talk \| contribs) (Added more categories) ← Older edit		Revision as of 10:09, 15 September 2006 (view source) Elektron (talk \| contribs) m (→‎Description: External link -> internal link (to SQL injection)) Newer edit →
Line 2:		Line 2:

	==Description==		==Description==
−	Blind SQL injection is identical to normal [~~http://www.owasp.org/index.php/SQL_injection~~ SQL injection], however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working '<i>blindly</i>.'	+	Blind SQL injection is identical to normal [[SQL injection]], however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working '<i>blindly</i>.'

Difference between revisions of "Blind SQL Injection"

Revision as of 10:09, 15 September 2006

Description

Examples

Related Threats

Related Attacks

Related Problems

Related Countermeasures

Categories

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools