Blind SQL Injection means the attack of SQL injection to analyze and discover information from web applications. These attacks happen when any web application shows error messages without mitigating the code. Such web applications don’t provide information openly otherwise they are vulnerable to blind SQL injection attacks. Blind SQL Injection can be used to extract sensitive data from the database servers. In this type of attack, the attacker asks true or false queries to the database and analyses those answers based upon the responses of applications.
There are different Blind SQL Injection types that you can find on online blogs and tutorials. Here, we are giving a few blind SQL injection examples for your knowledge.
The attacker performs different kinds of blind SQL injection attack to extract the data from the normal content with the provided parameter in the form of ID.
Suppose, we have a social networking website – letsbesocial.com. This site has filled with multiple users’ profiles. Each profile features a unique ID number for identification. The attacker uses a query string to extract a certain profile.
Let’s suppose, the attacker wants to extract data of the profile of a user with an ID of 2902 named Jessika Parker. He/she will see that said user’s ID number will be pulled up and displayed as follows:
// this is Jessika Parker’s page:
If he/she wants details of Jessika Parker’s profile such as her birthday, address, pictures, etc. by requesting the URL “https://letbesocial.com? Id=2902” he/she can extract these details by using a query string to run SQL on the servers of talktome.com. The SQL will look as below:
SELECT * FROM profiles WHERE ID = ‘2902’;
Then the attacker injects SQL into the URL query string by loading this URL into your browser by appending a Boolean Expression.
https://www.talktome.com?id=2902 AND 1=1
This is a SQL with a Boolean Expression – a “1 = 1” that returns true.
SELECT * FROM profiles WHERE ID = ‘2902’ AND 1=1;
The server should accept the additional characters after the .2902. if does so, the page related to Jessika parker will be loaded if the server lets the above SQL run by allowing it.
It can happen that the server may not respond to Jessika Parker’s page after requesting the URL-https://www.letsbesocial.com?id=2902 AND 1=1. In this case, the server will display the message- ‘The Page is not found.’ This means that website is not vulnerable to blind SQL injection. The attacker can’t attack with blind SQL injection to this website.
In this case, the attacker has to find out the version of MYSQL run by that server. To do this, he/she has to load that server by appending extra SQL.
To check out the MYSQL Version 5, the attacker will load the below URL
https://www.letsbesocial.com?id=2902 AND substring (@@version, 1, 1) =5
The SQL “substring (@@version, 1, 1) =5 is used for checking if that severs uses MYSQL version 5. In this scenario. If SQL runs without any issue, the page will load smoothly with the running version 5. But if that server is not running version 5, then the SQL can return false and the page will not load. So, the attacker can extract the data that he/she wants from that server.
Time-based blind SQL injection means the database pauses for a specific time which returns the result with successful injection. The attacker sends SQL queries along with the code which forces delays in returning results of queries. The attacker will define from response time whether the answers to queries are true or false.
Then, the attacker mentions each letter of the required data by the following logic:
If the first letter of the first database’s name is a ‘D’, wait for 10 seconds.
If the first letter of the first database’s name is an ‘L’, wait for 10 seconds. Etc.
Example no 2.
Time-Based Blind SQL Injection attack example on Microsoft SQL Server:
https://www.site.com/vulnerable.php? id=1′ wait for delay ’00:00:10′–
Time-Based Blind SQL Injection example in MySQL 5 by using the function SLEEP:
/* Resulting query (with malicious SLEEP injected). */
SELECT * FROM table WHERE id=1–SLEEP (15)
You can prevent Blind SQL Injection attacks by turning off error messages. Also, you can use Prepared Statements for preventing such attacks. Such Statements designed to prevent blind SQL injections are best because SQL has put together before putting on any user input, making it impossible to change the user’s input and therefore compromising the integrity of the SQL statement.
You can check your web applications for their vulnerability to blind SQL injection attacks by using vulnerability assessment tools.
It is dangerous when users sensitive data hijack by blind SQL Injection. Attackers or hijackers can use this data for their malicious proposes/gains. It is an attack on users privacy. Because of this, users have to lose personal/professional reputation. They can be destroyed financially too. So, to prevent them from occurring these issues, you should have to use proper security tools and programs.
So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.