SQL Injection VS Blind SQL Injection

So far you have learned how to trigger a SQL error by sending SQL code from the client (browser) to the server. Sometimes, however, the web application doesn't show any error message from the database. That doesn't mean the code is not vulnerable, which is why you have to pay attention to the details.

A normal SQL injection is very similar to a blind SQL injection. The only difference is that a blind injection will not display any error message from the database server warning you that your SQL query syntax is incorrect, so you have to ask true-or-false questions and watch the responses. A normal SQL injection, on the other hand, will show a generic error message, which makes exploiting the vulnerability less difficult.

Environment Setup

You'll set up an environment to test both cases. Our examples will be executed on a database containing two related tables, users and cars, with a one-to-many (1:n) cardinality in which a car can have multiple users.
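
The difference between the two cases, and the fix that closes both, as an added example that is not part of the original article. It uses an in-memory SQLite database; the page names only the tables users and cars, so every column name, row and function name here is an assumption.

```python
import sqlite3

# Constructed schema: the page names only the tables users and cars (1:n);
# every column name and row below is an assumption made for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cars (id INTEGER PRIMARY KEY, model TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
                            car_id INTEGER REFERENCES cars(id));
        INSERT INTO cars VALUES (1, 'sedan');
        INSERT INTO users VALUES (1, 'alice', 1), (2, 'bob', 1);
    """)
    return db

def lookup_verbose(db, name):
    """Vulnerable, and returns the database error text to the client."""
    try:
        rows = db.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()
    except sqlite3.Error as exc:
        return f"database error: {exc}"
    return "found" if rows else "not found"

def lookup_silent(db, name):
    """Same string-built query; errors are swallowed, so the flaw is blind."""
    try:
        rows = db.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()
    except sqlite3.Error:
        return "not found"
    return "found" if rows else "not found"

def lookup_safe(db, name):
    """Bound parameter: the input is always data, never SQL syntax."""
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
    return "found" if rows else "not found"

def compare(db):
    # Constructed inputs: a stray quote, then a true and a false condition.
    probes = {"quote": "alice'", "true": "alice' AND '1'='1",
              "false": "alice' AND '1'='2"}
    return {label: (lookup_verbose(db, p), lookup_silent(db, p), lookup_safe(db, p))
            for label, p in probes.items()}

if __name__ == "__main__":
    for label, result in compare(make_db()).items():
        print(label, result)
```

Hiding the error message changes nothing about the query: the silent version still answers the true and false conditions differently, while the parameterized version returns the same result for all three inputs.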
