LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is a blind (inferential) SQL injection attack?

No data comes back at all — the attacker asks true/false questions and reads the answer from how the app behaves (timing, errors, page differences).

In-band SQLi (UNION, data in the same response) vs blind SQLi (no data; inferred from timing/errors/page differences).

* In-band vs blind SQLi — in-band returns the data in the same response; blind returns nothing and the attacker infers it bit by bit from behaviour. *

Blind/inferential injection is used when no data is returned directly. The attacker infers information one bit at a time by observing application behavior differences.

Methods:

  • Conditional: Check if responses differ based on true/false conditions
  • Time-based: Use SLEEP() to cause delays when conditions are true
  • Error-based: Trigger different error messages based on conditions

Example: ...AND SUBSTRING(password, 1, 1) = 'a' AND SLEEP(10)-- If the page takes 10 seconds to load, the first character is 'a'.

Go deeper:

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jul 05, 2026