Blind SQL Injection

Description
Blind SQL injection is identical to normal SQL injection, however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working 'blindly.'

Online Resources
 * more Advanced SQL Injection - by NGS
 * Blind SQL Injection Automation Techniques - Black Hat Pdf
 * Blind Sql-Injection in MySQL Databases
 * Cgisecurity.com: What is Blind SQL Injection?
 * Blind SQL Injection
 * http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf
 * http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
 * SQL Injection Attacks

Tools
 * SQL Power Injector
 * [Absinthe :: Automated Blind SQL Injection // ver1.3.1
 * SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer in Python
 * SQLiX - SQL Injection Scanner in Perl
 * sqlmap, a blind SQL injection tool in Python

Related Problems

 * Injection problem