Blind Boolean-Based
Blind Boolean-Based SQL Injection is a type of SQL injection attack where the attacker can infer the presence of data by sending different queries and observing the application's behavior. Unlike classic SQL injection, no data is directly returned; instead, the attacker determines the truth or falsehood of a query based on the application's response.
How Blind Boolean-Based SQL Injection Works
- Injection: An attacker injects a malicious payload with a condition that evaluates to true or false (e.g., 1=1 or 1=2).
- Response Analysis: The attacker observes the application's behavior. A true condition may cause the application to display a page correctly, while a false condition might result in an error or no data being returned.
- Inference: By iterating through different conditions, the attacker can infer the structure of the database or retrieve sensitive data.
Suppose a vulnerable login page accepts a username and password and constructs a SQL query like this:
An attacker might test with the following payload to check if the input is vulnerable to Boolean-based SQLi:
If the query returns results, the attacker knows the 1=1 condition is true. They can then try other payloads to further infer the structure of the database.
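The following is an added example, not code from the original page: it assumes a login query built by string concatenation (the shape the text describes) and puts it beside the parameterized form, using a constructed in-memory SQLite table so the difference in behavior can be observed offline. The vulnerable version answers differently for a true and a false injected condition, which is exactly the signal a blind Boolean-based probe reads; the parameterized version treats the same input as a plain string.

```python
import sqlite3

# Constructed sample data: one account, not taken from the original page.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Assumed vulnerable shape: the query is built by string concatenation,
    so whatever the user types becomes SQL text and an injected condition
    such as 1=1 or 1=2 changes the result the application sees."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        return conn.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        # A syntax error from a broken quote is an observable signal too;
        # the text treats "error or no data" as the false branch.
        return False

def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: bound parameters keep the input a string literal,
    so a condition written into the username is compared, never evaluated."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def compare(username: str, password: str) -> dict:
    """Run the same input through both implementations and report each answer."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "parameterized": login_parameterized(conn, username, password),
    }

if __name__ == "__main__":
    # Legitimate credentials: both implementations agree.
    print(compare("alice", "correct-horse"))
    # A true and a false injected condition: only the concatenated query
    # changes its answer between the two, which is what a blind probe measures.
    print(compare("alice' AND 1=1--", "wrong"))
    print(compare("alice' AND 1=2--", "wrong"))
```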
Here's an example of a URL payload that might be used:
Performing these attacks on systems without permission is illegal. Always obtain proper authorization before testing for vulnerabilities.