CAPEC-7: Blind SQL Injection

ID CAPEC-7
Typical Severity High
Likelihood Of Attack High
Status Draft

Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages is considered best practice, suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine whether the syntax and structure of the injection were successful based on whether the query was executed or not. Applied iteratively, this lets the adversary determine how and where the target is vulnerable to SQL Injection.
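An added example (not part of the CAPEC entry) of why error suppression alone is insufficient: the concatenated lookup hides database errors yet still answers a true/false pair of Boolean conditions differently, while the bound-parameter lookup treats the same input as a literal value. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items (name) VALUES (?)",
                   [("widget",), ("gadget",)])
    return db


def lookup_suppressed(db, name):
    """Weak: input is concatenated into the SQL text; errors are hidden."""
    try:
        rows = db.execute(
            "SELECT id FROM items WHERE name = '" + name + "'").fetchall()
    except sqlite3.Error:
        return "not found"  # database error message suppressed
    return "found" if rows else "not found"


def lookup_bound(db, name):
    """Hardened: input is a bound parameter and is never parsed as SQL."""
    rows = db.execute(
        "SELECT id FROM items WHERE name = ?", (name,)).fetchall()
    return "found" if rows else "not found"


def responses(lookup):
    # A normal value, then the same value with an always-true and an
    # always-false Boolean condition appended.
    inputs = ["widget", "widget' AND '1'='1", "widget' AND '1'='2"]
    db = make_db()
    return [lookup(db, value) for value in inputs]


if __name__ == "__main__":
    # Suppressed errors: the true/false pair still yields different answers,
    # so the page response itself acts as the signal.
    print("suppressed:", responses(lookup_suppressed))
    # Bound parameter: both conditions are just part of an unknown name.
    print("bound:     ", responses(lookup_bound))
```
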

https://capec.mitre.org/data/definitions/7.html

Weaknesses

# ID Name Type
CWE-20 Improper Input Validation weakness
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') weakness
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') weakness
CWE-209 Generation of Error Message Containing Sensitive Information weakness
CWE-697 Incorrect Comparison weakness
CWE-707 Improper Neutralization weakness

Taxonomy Mapping

Type # ID Name
OWASP Attacks Blind SQL Injection