While testing an e-commerce site, you discover a numeric product_id parameter that is vulnerable to SQL injection but does not return any visible error messages or data. You want to confirm that the back-end database connection can still execute your injected code without relying on displayed output. Which attack technique is specifically designed to verify database connectivity in this situation by measuring server response time?
Append an inline comment (--) to truncate the original query and observe the page layout.
Inject a time-based SQL payload that forces the database to pause before responding.
Use a UNION-based payload to join the results of SELECT @@version to the HTTP response.
Attempt a stacked query that inserts a new row and then selects it back.
In a blind SQL injection scenario, the attacker cannot see database error messages or query results. Time-based techniques deliberately introduce a delay (for example, SLEEP(5) in MySQL or WAITFOR DELAY '0:0:5' in Microsoft SQL Server). If the HTTP response takes noticeably longer, the tester knows the payload reached the database engine and was executed, proving that the application's database connectivity can be abused. Union-based injection requires visible output, stacked queries may be blocked, and comment truncation alone provides no confirmation of execution.
Certified Ethical Hacker (CEH)
Web Application Hacking