Certified Ethical Hacker (CEH v12) — Question 273

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information.

What type of attack is this?

Answer options

• A. Union SQL injection
• B. Error-based SQL injection
• C. Time-based SQL injection
• D. Blind SQL injection

Correct answer: D

Explanation

The correct answer is Blind SQL injection, as this type of attack does not provide error messages and depends on the application's responses to determine if a SQL payload is valid. Union SQL injection, Error-based SQL injection, and Time-based SQL injection all involve different methods of exploiting SQL vulnerabilities and do not fit the description provided.