This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information.
What type of attack is this?
The attack described involves giving the application SQL payloads that elicit a true or false response from the server without showing any error messages, and allows the attacker to infer information based on these responses. This type of attack is known as Blind SQL injection.
Blind SQL injection attacks, the attacker doesn't directly see the results of the injected SQL query but can infer information based on the application's response
D. Blind SQL injection
CEHv12 - 2225
No data is transmitted through the web application, and it is not possible for an attacker to retrieve the actual result of the injection; therefore, it is called blind SQL injection.