Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
alexzpua2014-04-23 02:36:32
PHP
alexzpua, 2014-04-23 02:36:32

Why is Blind SQL injection dangerous?

Good day, dear toaster-inhabitants. Could you please explain how dangerous the
Blind SQL injection vulnerability is?
What can an attacker do with this?
I scanned my site and found this vulnerability. True, he did not give more detailed information, because the demo version.
An XSS vulnerability was also found using XSpider, and in

<input type="hidden" name="csrftoken" value="b1e0c4424e17c0d3410bf6c5f03cdf97">
. How XSS can work here, I can’t understand at all ... It also serves as protection against XSS attacks.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
R
Rsa97, 2014-04-23
@alexzpua

Blind only means that the result of the injection is not displayed on the page. At the same time, there are still methods that allow, if successful, to log in without knowing the password, for example, with this construction:
If the authorization request to the database looks like this:
then it is converted to
the result of the calculation will be TRUE for any user and password.
It is also possible to destroy the database itself by issuing the DROP TABLE or DROP DATABASE commands.

Report
A
alexzpua, 2014-04-23
@alexzpua

Thank you. All clear.

Report
E
Egor Kazantsev, 2014-04-24
@saintbyte

IMHO lies HSpider there is no such hole in Dzhang =)

Similar questions
S
sinout2017-04-05 02:08:24
Does it make sense to use Immutable along with React? 4Reply
D
deadmemoras2016-06-18 10:28:34
Work abroad without experience? 10Reply
A
Albert Zurabyan2016-06-24 14:55:21
How to hide some object ids from a site from a SQL query? 3Reply
N
Nicholas Hephaestus2022-01-24 20:18:11
Why does the space bar and other keys not work in TeamViewer? 4Reply
V
Vladimir Karpenko2017-04-19 19:41:47
What if there are two databases in an ASP.NET MVC5 project: one is database first, the other is code first? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question