Certified Ethical Hacker (CEH v11) — Question 368

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information.
What type of attack is this?

Answer options

• A. Union SQL injection
• B. Error-based SQL injection
• C. Time-based SQL injection
• D. Blind SQL injection

Correct answer: D

Explanation

The correct answer is Blind SQL injection, which does not provide visible error messages, making it challenging to exploit but allowing attackers to infer data based on the application's responses. Union SQL injection, Error-based SQL injection, and Time-based SQL injection rely on different mechanisms and error feedback, which do not align with the described characteristics of the attack.