Exam 312-50 topic 3 question 30 discussion

Actual exam question from ECCouncil's 312-50

Question #: 30
Topic #: 3

[All 312-50 Questions]

What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection vulnerability?

A. The request to the web server is not visible to the administrator of the vulnerable application.
B. The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection.
C. The successful attack does not show an error message to the administrator of the affected application.
D. The vulnerable application does not display errors with information about the injection results to the attacker.

Show Suggested Answer

Suggested Answer: D 🗳️

by WZ1122 at March 19, 2022, 5:13 a.m.

Comments

Submit Cancel

salei

11 months ago

Selected Answer: D

It's correct. The C could sound correct as well, but the error message is not sent to the application administrator but to the attacker

upvoted 1 times

...

When an attacker exploits SQL injection, sometimes the web application displays error messages from the database complaining that the SQL Query’s syntax is incorrect. Blind SQL injection is nearly identical to normal SQL Injection, the only difference being the way the data is retrieved from the database. When the database does not output data to the web page, an attacker is forced to steal data by asking the database a series of true or false questions. This makes exploiting the SQL Injection vulnerability more difficult, but not impossible. .

upvoted 2 times

...