The query returns either true or false. If we obtain true, then we have completed the inference and, therefore, we know the value of the parameter. If we obtain false, this means that the null character is present in the value of the parameter, and we must continue to analyze the next parameter until we find another null value.

The blind SQL injection attack needs a high volume of queries. The tester may need an automatic tool to exploit the vulnerability.
bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool