Certified Ethical Hacker (CEH v10) — Question 124
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He has determined that the application is vulnerable to SQL injection and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
Answer options
- A. NoSQL injection
- B. Blind SQL injection
- C. Union-based SQL injection
- D. Error-based SQL injection
Correct answer: B
Explanation
The correct answer is Blind SQL injection because Elliot is using timing delays to infer information without receiving any direct feedback from the database, which is characteristic of blind attacks. NoSQL injection is not relevant to SQL databases. Union-based and Error-based SQL injection typically return direct output or error messages in the response, which does not match this scenario.