Web Hacker Basics 08 (Blind SQL Injection); featuring SQLmap

Published on October 5th, 2018 | 7786 Views



The major difference between “normal” SQL injection and “blind” SQL injection is that blind SQL injection pages return only a True or False response (usually in the form of error messages).
Now, you would think, “that should handle the problem, right?”

Well, not quite.

Sites that are vulnerable to Blind SQL injection don’t address the underlying problem. They can still allow user input to be treated as part of the SQL query itself.
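The point above, as an added example that is not from the video or its author: a lookup that only ever answers True or False still changes its answer when input is concatenated into the query, while a bound parameter does not. The `items` table, the function names and the sample inputs are constructed for illustration, using Python's built-in `sqlite3`.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "widget"), (2, "gadget")])
    return db


def item_exists_vulnerable(db, item_id: str) -> bool:
    # User input is concatenated into the statement, so it becomes SQL.
    # The caller only ever sees True/False: the "blind" behaviour.
    query = "SELECT 1 FROM items WHERE id = " + item_id
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # errors are hidden behind the same False response


def item_exists_fixed(db, item_id: str) -> bool:
    # Validate the expected type, then bind the value as a parameter so it
    # can never be parsed as part of the statement.
    if not (item_id.isascii() and item_id.isdigit() and len(item_id) <= 9):
        return False
    row = db.execute("SELECT 1 FROM items WHERE id = ?",
                     (int(item_id),)).fetchone()
    return row is not None


def demo():
    db = make_db()
    # Constructed inputs: two plain ids, then two that carry SQL logic.
    inputs = ["1", "99", "99 OR 1=1", "1 AND 1=2"]
    return {s: (item_exists_vulnerable(db, s), item_exists_fixed(db, s))
            for s in inputs}


if __name__ == "__main__":
    for value, (vuln, fixed) in demo().items():
        print(f"{value!r:14} vulnerable={vuln!s:5} fixed={fixed}")
```

In the vulnerable version the answer for id 99 flips from False to True when a condition is appended, which shows the input is being evaluated as SQL even though no data or error text is ever displayed.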

SQL Injection Part 1:





SQL Refresher:
https://www.w3schools.com/sql/
http://www.sqlcourse.com/cgi-bin/interpreter.cgi
http://www.sqlcourse2.com/intro2.html

Overview and testing for SQLi:
https://www.owasp.org/index.php/SQL_Injection
https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)

SQL Injection Prevention Cheat Sheet:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet


2018-10-05 22:53:13
