Identifying a blind SQL Injection

We already saw how a SQL Injection vulnerability works. In this recipe, we will cover a different type of vulnerability of the same kind, one that does not show any error message or hint that could lead us to the exploitation. We will learn how to identify a blind SQLi.

How to do it...

Log into DVWA and go to SQL Injection (Blind).
It looks exactly the same as the SQL Injection form we know from a previous recipe. Introduce a 1 in the text box and click Submit.
Now, let's do our first test with 1':
We get no error message, but no result either; something interesting could be happening here.
We do our second test with ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Identifying a blind SQL Injection

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly