
Blind SQL Injection

It is nearly the same as normal SQL injection; the difference is in how the data is retrieved from the database. The attacker asks the database true-or-false questions and steals the data piece by piece from the answers.

This attack is used when a web application shows only a generic error message.

Two types of Blind SQL Injection:

1. Boolean based

2. Time-based

Boolean-based: This technique sends a SQL query to the database that forces a different result depending on whether the injected condition is true or false.

Time-based: This technique sends a SQL query to the database that forces the database to wait for a specified time period. The delay tells the attacker whether the injected payload returned true or false, even though no data from the database is returned.

Defend:

' (escape the single quote) = replace(input, "'", "")

" (double quote) = replace(input, """, "")

) (close parenthesis) = replace(input, ")", "")

; (semicolon)

- (dash)
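
The character filter above next to a parameterized query, as an added example that is not code from the original post. The `products` table, the function names and the inputs are constructed for illustration, using Python's `sqlite3`. It shows that a numeric parameter needs none of the filtered characters to produce a true/false difference in the response, while a bound parameter produces none.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'widget')")
    return db

def strip_chars(value):
    # The character filter from the list above: remove ' " ) ; -
    for ch in ("'", '"', ")", ";", "-"):
        value = value.replace(ch, "")
    return value

def exists_filtered(db, product_id):
    # Weak form: the filtered input is still concatenated into the SQL text.
    sql = "SELECT 1 FROM products WHERE id = " + strip_chars(product_id)
    return db.execute(sql).fetchone() is not None

def exists_parameterized(db, product_id):
    # Hardened form: the input is bound as a value and never parsed as SQL.
    sql = "SELECT 1 FROM products WHERE id = ?"
    return db.execute(sql, (product_id,)).fetchone() is not None

def oracle(check, db):
    # Page outcome ("found" or not) for a condition that is always true
    # and one that is always false, each appended to a valid id.
    return check(db, "1 AND 1=1"), check(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    # Different outcomes mean the page answers true/false questions.
    print("filtered:     ", oracle(exists_filtered, db))
    # Identical outcomes mean the input never reached the SQL parser.
    print("parameterized:", oracle(exists_parameterized, db))
```

A check like `oracle` can be reused as a regression test: any lookup whose two outcomes differ is still building SQL from input text.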
