by dan_mctree
3105 days ago
Another frequent type of blind SQL injection is when the server gives an error or a slightly different output on some queries. The server code may for example travel down a different path if the query doesn't output any results and then show an error. Even if the error doesn't show the contents of the query, it can also be used to slowly extract data through generated yes/no questions. In one case I managed a successful blind attack for a client because their server showed an English site for valid queries returning the right results, and a German one for unexpected queries.
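The response difference described in the comment above, shown next to a fixed handler, as an added example that is not part of the original comment. The in-memory SQLite schema, the `staff` table, the function names and the `"en"`/`"de"` page markers are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, not taken from any real system.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE staff (login TEXT, role TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'kettle')")
    db.execute("INSERT INTO staff VALUES ('alice', 'admin')")
    return db

def page_vulnerable(db, product_id):
    # Defect: the request value is concatenated into the SQL text.
    sql = "SELECT name FROM products WHERE id = " + product_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        row = None
    # English page for a hit, German fallback for anything else.
    return "en" if row else "de"

def page_hardened(db, product_id):
    # Fix: strict type check, then a bound parameter. The value can no
    # longer add conditions to the WHERE clause.
    try:
        pid = int(product_id)
    except ValueError:
        return "de"
    row = db.execute("SELECT name FROM products WHERE id = ?", (pid,)).fetchone()
    return "en" if row else "de"

# Constructed inputs: same product id, with an appended condition that is
# true in one case and false in the other.
TRUE_COND = "1 AND (SELECT count(*) FROM staff WHERE role = 'admin') > 0"
FALSE_COND = "1 AND (SELECT count(*) FROM staff WHERE role = 'admin') > 5"

def leaks_condition(page):
    # Regression check: does the rendered page depend on a condition
    # about a table the page never displays?
    db = make_db()
    return page(db, TRUE_COND) != page(db, FALSE_COND)

if __name__ == "__main__":
    print("vulnerable handler leaks:", leaks_condition(page_vulnerable))
    print("hardened handler leaks:  ", leaks_condition(page_hardened))
```

A check like `leaks_condition` can run in a test suite against each request handler, so a reintroduced concatenation shows up as a failing test rather than as a language switch in production.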