A web application returns generic error messages. The analyst submits AND 1=1 and AND 1=2 and observes different responses. What type of injection is being tested?
This technique is known as Boolean-Based Blind SQL Injection, as defined in CEH v13 Web Application Hacking. When applications suppress database errors and return generic responses, attackers use conditional statements to infer database behavior.
By comparing responses to true (1=1) and false (1=2) conditions, the attacker deduces whether injected SQL is being executed successfully.
CEH v13 distinguishes this from:
Error-based SQLi (visible DB errors)
UNION-based SQLi (data extraction)
Time-based SQLi (response delays)
Boolean-based blind SQL injection relies solely on content differences, making option C correct.
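The following Python script is an added illustration (not from the original answer or CEH material): it shows a lookup that swallows database errors and returns generic messages, a parameterized version of the same lookup, and the analyst's 1=1 / 1=2 comparison applied to both, so the content difference that makes the blind technique work, and its removal by parameter binding, can be observed directly. The table, function names and response strings are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the application's
    # database (sample data, not from the original page).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?)",
                    [(1, "widget"), (2, "gadget")])
    return con


def lookup_vulnerable(con, product_id):
    # Vulnerable pattern: untrusted input is concatenated into the SQL text.
    # Database errors are swallowed and replaced by a generic message, so the
    # only signal left is whether a row came back: exactly the content
    # difference a boolean-based blind probe relies on.
    try:
        row = con.execute(
            "SELECT name FROM products WHERE id = " + product_id).fetchone()
    except sqlite3.Error:
        return "Something went wrong"
    return "Product found" if row else "No such product"


def lookup_parameterized(con, product_id):
    # Hardened pattern: the input is bound as a parameter, so the string
    # "1 AND 1=1" is compared against the id column as a single value and
    # never parsed as SQL.
    row = con.execute(
        "SELECT name FROM products WHERE id = ?", (product_id,)).fetchone()
    return "Product found" if row else "No such product"


def boolean_probe_differs(lookup, con):
    # The analyst's check: do the true (1=1) and false (1=2) conditions
    # produce different responses from the same endpoint?
    true_resp = lookup(con, "1 AND 1=1")
    false_resp = lookup(con, "1 AND 1=2")
    return true_resp != false_resp


if __name__ == "__main__":
    db = make_db()
    print("vulnerable endpoint differs:", boolean_probe_differs(lookup_vulnerable, db))
    print("parameterized endpoint differs:", boolean_probe_differs(lookup_parameterized, db))
```

With the parameterized lookup both probes return the same "No such product" response, which is why parameter binding (rather than just hiding error text) is the fix.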