SQL Injection/Blind

From charlesreid1

Revision as of 20:47, 21 May 2023 by Unknown user (talk)
Main article: SQL Injection

A short guide to blind SQL injection.

Basic Overview

Link: https://portswigger.net/web-security/sql-injection/blind

Blind SQL injection is an attempt to tamper with parameters that are fed into SQL queries, but whose results are not returned directly to the user.

Example: requests to a web application contain a cookie with a tracking ID that is sent in a header. That tracking ID is used by the server in an SQL query, and depending on the result of the query, the page will render differently for the end user.

Retrieved from "https://charlesreid1.com/w/index.php?title=SQL_Injection/Blind&oldid=29604"