Blind SQL Injection is a type of SQL injection attack where no error messages or data are directly returned to the attacker. Instead, the attacker sends specially crafted SQL queries that result in true or false responses. Based on how the application responds (such as redirecting to a different page or loading time), the attacker infers information about the backend database.
According to CEH v13:
Blind SQLi is used when standard SQL injection yields no visible output.
It comes in two forms:
Boolean-based: Infers information based on application behavior.
Time-based: Infers information based on server response time delays.
Incorrect Options:
A. Time-based SQLi is a sub-type of Blind SQLi, but the question describes Boolean-based behavior.
B. Union SQL injection uses the UNION keyword to fetch additional rows; requires visible output.
C. Error-based SQL injection relies on database error messages.
Reference – CEH v13 Official Courseware:
Module 14: Hacking Web Applications
Section: “Types of SQL Injection”
Subsection: “Blind SQL Injection (Boolean and Time-Based)”
=
