would then cause the web site to return a friendly error or no page at

all. This is because the SQL statement  and 1=0  is always false.

Once the attacker discovers that a site is susceptible to Blind SQL

Injection, he can exploit this vulnerability more easily, in some cases,

than by using normal SQL Injection.

References

 SQL Injection: Are your Web Applications Vulnerable    SPI

Dynamics

http://www.spidynamics.com/support/whitepapers/WhitepaperSQLInj

ection.pdf

 Blind SQL Injection: Are your Web Applications Vulnerable    SPI

Dynamics

http://www.spidynamics.com/support/whitepapers/Blind_SQLInjection

.pdf

 Advanced SQL Injection in SQL Server Applications , Chris Anley  

NGSSoftware

http://www.nextgenss.com/papers/advanced_sql_injection.pdf

 More advanced SQL Injection , Chris Anley   NGSSoftware

http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf

 Web Application Disassembly with ODBC Error Messages , David

Litchfield   @stake

http://www.nextgenss.com/papers/webappdis.doc

 SQL Injection Walkthrough 

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

 Blind SQL Injection    Imperva

39

Copyright 2004, Web Application Security Consortium. All rights reserved.