Certified Ethical Hacker (CEH v13) — Question 221
This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information.
What type of attack is this?
Answer options
- A. Union SQL injection
- B. Error-based SQL injection
- C. Time-based SQL injection
- D. Blind SQL injection
Correct answer: D
Explanation
Blind SQL injection is the correct answer because the application shows no error messages, and the attacker instead infers information from its responses. Union SQL injection, Error-based SQL injection, and Time-based SQL injection exploit the vulnerability by different methods: they either produce error messages or are not focused on the true/false response mechanism.