CompTIA PenTest+ Practice Test

What type of SQL injection is typically more difficult for vulnerability scanners to detect due to the nature of the attack?

• A. Simple SQL injection
• B. Union-based SQL injection
• C. Blind SQL injection
• D. Time-based SQL injection

The correct answer is: Blind SQL injection

Blind SQL injection is typically more challenging for vulnerability scanners to detect due to the way it operates. In this type of attack, the attacker is unable to see the actual output of the SQL queries being executed. Instead, they infer information based on the application's response behavior, such as changes in the application's output or response times. This lack of visible output makes it harder for automated tools to identify vulnerabilities, as these scanners often rely on the ability to directly observe and analyze the results of queries. For example, in blind SQL injection, an attacker might ask a yes/no question that modifies the query and then analyze whether the application behaves differently based on the input. Since vulnerability scanners may not be adept at handling such indirect methods of information retrieval, they can miss these vulnerabilities while detecting more straightforward injection techniques. The reasons the other types of SQL injections are detected more easily relate to their direct visibility in query responses. Simple SQL injection often results in error messages or visible data extraction, Union-based SQL injection uses direct output from queries, and Time-based SQL injection gives clear indicators through timing delays, making them easier for scanners to identify compared to the subtlety of blind SQL injection.