CompTIA PenTest+ Practice Test

What type of SQL injection attack uses true or false questions to determine answers based on application responses?

• A. Error-based SQL injection
• B. Union-based SQL injection
• C. Blind SQL injection
• D. Time-based SQL injection

The correct answer is: Blind SQL injection

Blind SQL injection is characterized by the application's response not directly displaying the result of the query, which makes it a stealthier method of attack compared to others. In blind SQL injection, the attacker sends queries that are structured around true or false questions. Depending on the application's response—whether it returns content or does not, or the time it takes to respond—the attacker can infer information about the database. For example, an attacker might pose a question such as, “Is the user with ID 1's password 'abc123'?” The application may answer by either responding normally (TRUE) or through an error message (FALSE), or it may time out or take a longer time under certain conditions. This allows them to retrieve sensitive information about the database even in scenarios where specific error messages are not provided. This method stands in contrast to the other types of SQL injection listed. Error-based SQL injection relies on error messages generated by the database engine to gain insights into the structure and contents of the database. Union-based SQL injection seeks to combine the results of multiple SELECT statements to gather more information directly. Time-based SQL injection utilizes the time it takes for the database to respond to a query to confirm or deny conditions, rather than relying on the application's standard outputs.