Quiz Entry - updated: 2026.07.05
What is a blind (inferential) SQL injection attack?
No data comes back at all — the attacker asks true/false questions and reads the answer from how the app behaves (timing, errors, page differences).
* In-band vs blind SQLi — in-band returns the data in the same response; blind returns nothing and the attacker infers it bit by bit from behaviour. *
Blind/inferential injection is used when no data is returned directly. The attacker infers information one bit at a time by observing application behavior differences.
Methods:
- Conditional: Check if responses differ based on true/false conditions
- Time-based: Use
SLEEP()to cause delays when conditions are true - Error-based: Trigger different error messages based on conditions
Example: ...AND SUBSTRING(password, 1, 1) = 'a' AND SLEEP(10)--
If the page takes 10 seconds to load, the first character is 'a'.
Go deeper:
PortSwigger — Blind SQL injection — conditional, time-based and error-based blind techniques with labs.