Back

Boolean based Blind SQL Injection (SQLi)

By
Manieendar Mohan
Published on
04 Jul 2018
1 min read
SQL Injection

What is Boolean based blind SQL injection?

Boolean-based SQL injection is a technique that relies on sending an SQL query to the database based on which the technique forces the application to return different results.

The result allows an attacker to judge whether the payload used returns true or false. Even though no data from the database are recovered, the results give the attacker valuable information.

Depending on the boolean result (TRUE or FALSE), the content within the HTTP response will change, or remain the same.

Also, it is a slow attack; this will help the attacker to enumerate the database.

Example

        https://example.beaglesecurity.com/items.php?id=2

A vulnerable data access layer of an application can build an SQL query as shown below from the above URL request.

        SELECT title, description, body FROM items WHERE ID = 2 and 1=2

If an application is vulnerable to SQL injection, it will not return anything, and the attacker will next inject a query with a true condition (1=1). If the content of the page is different than the page that returned during false condition, then the attacker can infer that SQL injection is working. Now the attacker can verify it he all set to use other SQL Injection methods.

Impact and Fixes

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Product tour
Written by
Manieendar Mohan
Manieendar Mohan
Cyber Security Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.
Product tour