A threat actor launches an SQL injection attack against a web site by sending multiple specific statements to the web site and reconstructing the key information the threat actor seeks. What type of SQL injection attack is the threat actor using?
- blind
- in-band
- error-based
- out-of-band
|
Explanation & Hint: With a blind (or inferential) SQL injection, the attacker does not make the application display or transfer any data; rather, the attacker can reconstruct the information by sending specific statements and discerning the behavior of the application and database. |