CAPEC-7: Blind SQL Injection
Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High
Description
Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages is considered best practice, suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine whether the syntax and structure of the injection were successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.
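The following regression check is an added example, not part of the CAPEC entry. It shows that hiding database errors still leaves the outcome dependent on a Boolean expression inside the input, while a parameterized query does not. The `items` table and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items (name) VALUES (?)",
                   [("widget",), ("gadget",)])
    return db

def item_exists_suppressed(db, name):
    """Insufficient mitigation: errors are hidden, but the input is
    still concatenated into the SQL text."""
    try:
        sql = "SELECT 1 FROM items WHERE name = '" + name + "'"
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return False  # error suppressed; caller sees a generic "not found"
    return row is not None

def item_exists_parameterized(db, name):
    """Mitigation: the input is bound as data and never parsed as SQL."""
    row = db.execute("SELECT 1 FROM items WHERE name = ?", (name,)).fetchone()
    return row is not None

def outcome_depends_on_boolean(check, db):
    """Regression check: True if the lookup result changes with the truth
    value of a Boolean expression embedded in the input, which is the
    signal described in the paragraph above."""
    always_true = "nosuch' OR '1'='1"
    always_false = "nosuch' OR '1'='2"
    return check(db, always_true) != check(db, always_false)

if __name__ == "__main__":
    db = make_db()
    for check in (item_exists_suppressed, item_exists_parameterized):
        print(check.__name__, "leaks Boolean outcome:",
              outcome_depends_on_boolean(check, db))
```

A check like `outcome_depends_on_boolean` can sit in a test suite for every data-access function that takes user-controlled strings.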
Related weaknesses · 6
Related attack patterns · 1
Exploits · 6
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Incorrect Comparison (CWE-697) | 100% | live |
| Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | 100% | live |
| Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74) | 100% | live |
| Weakness | Improper Neutralization (CWE-707) | 100% | live |
| Weakness | Improper Input Validation (CWE-20) | 100% | live |
| Weakness | Generation of Error Message Containing Sensitive Information (CWE-209) | 100% | live |