What is Blind SQL Injection? Web Application Vulnerability Tutorial

The blind SQL injection technique is used when the web application is vulnerable but the output is not displayed to the attacker. When an attacker tries SQL injection, they are redirected to some other page instead of seeing an error message. Blind SQL injection is harder to carry out than traditional SQL injection, and it takes more time. There are some tools for blind SQL injection.

Blind SQL injection can be done by querying the database with a sequence of true/false questions.

How to detect the Blind SQL Injection Vulnerability?
A web application takes the client's input and supplies it in the WHERE clause to retrieve data from the database. For instance, let us say the web application gets id and supplies it to the SQL query as follows:
statement = "select * from userinfo where id=" + id;
You should already know about the WHERE clause and compound conditions (OR, AND). OR and AND are used to combine two conditions. The attacker can find the vulnerability by entering compound conditions as input.
For instance, the attacker can enter the id value as
1 AND 1=1
The above query will become
select * from userinfo WHERE id=1 AND 1=1
If the application stays on the same page, then it may be vulnerable. This type of vulnerability occurs when the developer fails to validate the data type of id. Here we gave a true condition (1=1). If we use a false condition (1=2) instead, it will raise an error message. We can conclude that if the condition is true, the application remains on the page; if it is false, it shows an error message.
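The behaviour described above, next to the fix, as an added example that is not part of the original article. It uses an in-memory SQLite database with constructed rows; the function names are hypothetical, and `condition_changes_result` is a regression check a developer can run against their own lookup code.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the table name follows the article's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userinfo (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO userinfo VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def lookup_vulnerable(db, id_value):
    # The article's pattern: client input concatenated into the WHERE clause.
    statement = "select * from userinfo where id=" + id_value
    return db.execute(statement).fetchall()

def lookup_hardened(db, id_value):
    # Validate the data type first, then pass the value as a bound parameter
    # so it is never parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", id_value):
        raise ValueError("id must be an integer")
    return db.execute("select * from userinfo where id=?", (int(id_value),)).fetchall()

def condition_changes_result(lookup, db):
    # True when an appended true/false condition changes what the lookup
    # returns, i.e. the input reached the SQL parser as code.
    def outcome(value):
        try:
            return lookup(db, value)
        except ValueError:
            return "rejected"
    return outcome("1 AND 1=1") != outcome("1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup reacts to condition:", condition_changes_result(lookup_vulnerable, db))
    print("hardened lookup reacts to condition:", condition_changes_result(lookup_hardened, db))
```

In a real application the "row returned / no row returned" difference is what turns into "same page / error page".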

Some Functions to Know
The following functions are useful for blind SQL injection.
substring(str, pos, length) is the function that returns part of a string. Which part is returned depends on the arguments given to the function.

For instance, substring('hello',2,1) will return 'e'.
Here the string is 'hello', the character position is 2 (that is, 'e'), and the length is 1.

  • lower(str) is the function that converts the characters to lower case.
  • ascii(c) is the function that converts the character to its ASCII value.
  • length(str) returns the length of the string.
  • user() returns the current user (admin).
  • database() returns the database name.
  • version() returns the version of the database.
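From the defender's side, the probes and functions listed above leave recognisable traces in web server logs. The following detector is an added example, not part of the original article; the log lines are constructed, and the regular expressions cover only the functions and the `AND n=n` condition named on this page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# The AND/OR n=n condition and the functions the article lists.
COND_RE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)", re.I)
FUNC_RE = re.compile(r"\b(substring|ascii|lower|length|user|database|version)\s*\(", re.I)
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2012:10:00:01 +0000] "GET /user?id=7 HTTP/1.1" 200 512
198.51.100.5 - - [01/Aug/2012:10:00:02 +0000] "GET /user?id=1%20AND%201%3D1 HTTP/1.1" 200 512
198.51.100.5 - - [01/Aug/2012:10:00:03 +0000] "GET /user?id=1%20AND%201%3D2 HTTP/1.1" 302 0
198.51.100.5 - - [01/Aug/2012:10:00:04 +0000] "GET /user?id=1+AND+length(database())%3D4 HTTP/1.1" 200 512
192.0.2.10 - - [01/Aug/2012:10:00:05 +0000] "GET /search?q=database+version+history HTTP/1.1" 200 900
"""

def scan(log_text):
    """Return {client: sorted findings} for suspicious query parameters."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes values, so encoded probes are seen in clear.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for a, b in COND_RE.findall(value):
                hits[client].add(f"{name}: {'true' if a == b else 'false'} condition")
            for func in FUNC_RE.findall(value):
                hits[client].add(f"{name}: {func.lower()}() call")
    return {c: sorted(f) for c, f in hits.items()}

def paired_probe_clients(log_text):
    """Clients that sent both a true and a false condition to the same parameter."""
    out = []
    for client, findings in scan(log_text).items():
        params = {f.split(":")[0] for f in findings if f.endswith("true condition")}
        if any(f"{p}: false condition" in findings for p in params):
            out.append(client)
    return sorted(out)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
    print(paired_probe_clients(SAMPLE_LOG))
```

The last sample line contains the words "database" and "version" without a call, and is correctly left unflagged.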

Blind SQL Injection Tools:
Exploiting a blind SQL injection vulnerability is a time-consuming process, so automated tools are better than the manual process. Here is a list of automated tools:

Meet you at our next article with more details about the blind SQL injection attack.

We are providing this information as a part of our Ethical Hacking Tutorial. This article was created for understanding the web application vulnerability. We are not responsible for your illegal activity.

The Hackers Store
http://www.thehackerstore.net/2012/08/what-is-blind-sql-injection-web_1.html