Why Do Attackers Use Response Delays in SQL Injection Attacks?
Learn how time-based blind SQL injection operates by using intentional response delays to infer database information. Understand how attackers determine true or false conditions when no direct data output is available from the web application.
Question
Which SQL injection method relies on sending multiple requests and observing delays in response?
A. Time-based blind
B. Union-based
C. Out-of-band
D. Error-based
Answer
A. Time-based blind
Explanation
Time-based blind SQLi tests conditions by inducing response delays.
Time-based blind SQL injection is a technique used to determine whether an SQL query condition is true or false by monitoring response delays from the target server. Unlike error-based or union-based injection, this method does not rely on visible database output or error messages. Instead, the attacker injects SQL commands designed to make the database pause execution for a specific duration if a certain condition is true. By comparing response times, the attacker can infer logical outcomes and extract data bit by bit.
Example:
http://target.com/vuln.php?id=1' IF (SUBSTRING(@@version,1,1)='5') WAITFOR DELAY '0:0:5'--
If the server’s response is delayed by five seconds, it confirms that the first character of the database version is “5.”
How it works:
- Sends multiple HTTP requests containing conditional SQL statements.
- Measures response time differences to deduce boolean results.
- Repeats the process systematically to reconstruct data such as usernames or passwords.
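The following is an added defender-side example, not code from the original page: a small Python detector run over constructed access-log lines that carry the page's WAITFOR DELAY probe. It flags a client two ways, a known database delay primitive in the URL-decoded query string, and a bimodal latency pattern on one endpoint (the true/false timing split the technique depends on, seen from the server side). The log format, the IP addresses and the thresholds are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (assumed format: client_ip "METHOD path" status response_ms).
# The first client repeats the page's WAITFOR DELAY probe with different guesses; the second is benign.
SAMPLE_LOG = """\
203.0.113.7 "GET /vuln.php?id=1%27%20IF%20(SUBSTRING(%40%40version%2C1%2C1)%3D%275%27)%20WAITFOR%20DELAY%20%270%3A0%3A5%27--" 200 5012
203.0.113.7 "GET /vuln.php?id=1%27%20IF%20(SUBSTRING(%40%40version%2C1%2C1)%3D%276%27)%20WAITFOR%20DELAY%20%270%3A0%3A5%27--" 200 31
203.0.113.7 "GET /vuln.php?id=1%27%20IF%20(SUBSTRING(%40%40version%2C2%2C1)%3D%27.%27)%20WAITFOR%20DELAY%20%270%3A0%3A5%27--" 200 5004
198.51.100.9 "GET /vuln.php?id=1" 200 28
198.51.100.9 "GET /vuln.php?id=2" 200 35
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+)" (?P<status>\d{3}) (?P<ms>\d+)$')
# Delay primitives that time-based probes lean on (MSSQL, MySQL, PostgreSQL).
DELAY_RE = re.compile(r"waitfor\s+delay|\bsleep\s*\(|pg_sleep\s*\(|benchmark\s*\(", re.I)

def parse(line):
    """Parse one log line into {ip, path (URL-decoded), ms}; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ip": m["ip"], "path": unquote_plus(m["path"]), "ms": int(m["ms"])}

def detect_time_based_sqli(log_text, slow_ms=4000, min_requests=2):
    """Return {client_ip: [reasons]} for clients whose traffic looks like time-based probing.

    Signal 1: a decoded request contains a delay primitive.
    Signal 2: one client hits the same endpoint repeatedly and latency is bimodal
              (some responses near slow_ms, others far below it).
    """
    per_client = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            per_client.setdefault(rec["ip"], []).append(rec)
    alerts = {}
    for ip, recs in per_client.items():
        reasons = set()
        if any(DELAY_RE.search(r["path"]) for r in recs):
            reasons.add("delay_primitive_in_request")
        by_endpoint = {}
        for r in recs:
            by_endpoint.setdefault(r["path"].split("?", 1)[0], []).append(r["ms"])
        for endpoint, times in by_endpoint.items():
            if len(times) >= min_requests and max(times) >= slow_ms and min(times) < slow_ms / 4:
                reasons.add(f"bimodal_latency:{endpoint}")
        if reasons:
            alerts[ip] = sorted(reasons)
    return alerts
```

The latency signal is the one worth keeping even when payloads are obfuscated past the signature, since the delay itself cannot be hidden from the server's own timing.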
The other options serve different functions:
B. Union-based – Combines query results using UNION SELECT to return visible data.
C. Out-of-band – Uses alternative communication channels (e.g., DNS or HTTP requests) to extract data.
D. Error-based – Relies on readable error messages from the database to display information directly.
Ethical Hacking with Metasploit, SQL & Crypto certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions with detailed explanations and references, available free and helpful for passing the Ethical Hacking with Metasploit, SQL & Crypto exam and earning the Ethical Hacking with Metasploit, SQL & Crypto certificate.