When you try to guess secret data from a website's database without seeing any errors, what method uses only "yes" or "no" answers from the website to figure things out?
The method described is Blind SQL Injection, specifically Boolean-based Blind SQL Injection. SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. In a Blind SQL Injection attack, the attacker does not directly see the results of the malicious SQL queries or any database errors on the web page. Instead, they deduce information by observing the application’s behavior. Boolean-based Blind SQL Injection u....
Community Answers
Sign in to open profiles and full community answers.
No community answers yet. Be the first to submit one.