No, it’s not a blind injection.

You remember the old days, when there was a difference between a cracker and a hacker? Now a hacker is a cracker and a cracker is something else entirely. Well, the same thing is about to happen with blind injection vs. true/false injection. People should know why it is called a blind injection. It’s not because you can’t see the number of columns or anything like that. A blind injection is one where no error message appears. It all started with the MSSQL injections, where you could use the error message to your advantage by creating errors that would display the results. But this seems to have been forgotten by the new generation of exploiters out there. While looking into this I even found that some moron on Wikipedia had got his facts wrong and is now teaching the whole world the wrong thing. Well, I guess I just have to accept that people are sheep.
if (!true) {
    echo 'this is true, Baaa!';
}
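
The distinction above, as an added example that is not code from the original post: three constructed lookup handlers over an in-memory SQLite table, where the table, function names and probe strings are all assumptions made for illustration. The first echoes the database error to the caller, the second hides it (so the same flaw is reachable only blind, through true/false behaviour), and the third binds the input as a parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data: one table, one user.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO users (name) VALUES ('alice')")
    return db

def _concat_query(db, name):
    # Vulnerable on purpose: input is concatenated into the SQL text.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return "found" if db.execute(sql).fetchone() else "not found"

def lookup_verbose(db, name):
    # Error-based case: the database error text reaches the caller.
    try:
        return _concat_query(db, name)
    except sqlite3.Error as exc:
        return "DB error: " + str(exc)

def lookup_quiet(db, name):
    # Blind case: same flaw, but no error message ever appears.
    try:
        return _concat_query(db, name)
    except sqlite3.Error:
        return "not found"

def lookup_safe(db, name):
    # Fixed: the input is a bound parameter, never part of the SQL text.
    row = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchone()
    return "found" if row else "not found"

# Constructed probes: a normal value, a stray quote, a true and a false condition.
PROBES = ["alice", "alice'", "nobody' OR '1'='1", "nobody' OR '1'='2"]

def compare(db=None):
    # Returns {probe: (verbose, quiet, safe)} so the three can be read side by side.
    if db is None:
        db = make_db()
    return {p: (lookup_verbose(db, p), lookup_quiet(db, p), lookup_safe(db, p))
            for p in PROBES}

if __name__ == "__main__":
    for probe, result in compare().items():
        print(repr(probe), "->", result)
```

Hiding the error changes what the caller can see, not whether the query is injectable: the quiet handler still answers the true and false probes differently, while the parameterized one treats every probe as a literal name.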

More sources:
http://www.cgisecurity.com/questions/blindsql.shtml
http://www.owasp.org/index.php/Blind_SQL_Injection

One Response to “No, it’s not a blind injection.”

  1. D00MGaze says:

    I <3 your work and I fucking <3 this blog of yours. ]=D
    Please update with more Hacker Tales. ]=)

    Sincerely,
    Your friend and minion,
    -DOOMGaze
