From charlesreid1

Revision as of 20:47, 21 May 2023

A short guide to blind SQL injection.

Basic Overview

Link: https://portswigger.net/web-security/sql-injection/blind

Blind SQL injection is an attempt to tamper with parameters that are fed into SQL queries whose results are not returned directly to the user.

Example: requests to a web application contain a cookie with a tracking ID that is sent in a header. That tracking ID is used by the server in an SQL query, and depending on the result of the query, the page will render differently for the end user.
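
The tracking-cookie scenario above, as an added example that is not part of the original page: a handler that concatenates the cookie into the query renders differently depending on a condition appended to the cookie, while a parameterized handler does not. The table name, the page strings and the cookie values are all constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data: one known tracking ID in a hypothetical table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracked_users (tracking_id TEXT PRIMARY KEY)")
    db.execute("INSERT INTO tracked_users VALUES ('abc123')")
    return db

def render_vulnerable(db, tracking_cookie):
    # The cookie value becomes part of the SQL text, so it can alter the
    # query's logic. The result is never shown, only the page variant.
    query = ("SELECT tracking_id FROM tracked_users "
             "WHERE tracking_id = '" + tracking_cookie + "'")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        row = None  # errors are swallowed, as on a "blind" endpoint
    return "Welcome back!" if row else "Welcome!"

def render_hardened(db, tracking_cookie):
    # Bound parameter: the cookie is only ever compared as a data value.
    row = db.execute(
        "SELECT tracking_id FROM tracked_users WHERE tracking_id = ?",
        (tracking_cookie,),
    ).fetchone()
    return "Welcome back!" if row else "Welcome!"

def compare(db):
    # Constructed cookie values: the legitimate ID, then the same ID with
    # an always-true and an always-false condition appended.
    cookies = {
        "legit": "abc123",
        "true_cond": "abc123' AND '1'='1",
        "false_cond": "abc123' AND '1'='2",
    }
    return {name: (render_vulnerable(db, value), render_hardened(db, value))
            for name, value in cookies.items()}

if __name__ == "__main__":
    for name, (vuln, hard) in compare(make_db()).items():
        print(f"{name:10s} vulnerable={vuln!r:16s} hardened={hard!r}")
```

In the vulnerable handler the page variant follows the appended condition, which is the side channel blind injection relies on; in the hardened handler both tampered cookies are treated as unknown IDs.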