about Blind SQLI
https://labs.portcullis.co.uk/download/Deep_Blind_SQL_Injection.pdf (chinese people needs to climb the GFW.)
What is Blind SQL Injection?
http://www.cgisecurity.com/questions/blindsql.shtml
When an attacker executes SQL Injection attacks sometimes the server responds with error messages from the database server complaining that the SQL Query’s syntax is incorrect. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements.
Additional information on SQL injection including useful articles and links can be found at our SQL Injection page below http://www.cgisecurity.com/development/sql.shtml
Also See ‘SQL Injection’
What is SQL Injection?
http://www.net-security.org/dl/articles/Blind_SQLInjection.pdf
https://www.owasp.org/index.php/Blind_SQL_Injection.
tools BSQL Hacker:https://labs.portcullis.co.uk/download/BSQLHackerSetup-0909.exe
