Inferential

This is also called blind SQL injection, because neither the errors nor the results are visible in the application's response. We need to infer what is happening in the application's backend, or use external channels to get the information. Inferential SQL injections are harder to exploit than in-band SQL injections.

There are two types of inferential SQL injections:

  • Boolean-based blind SQL injection: In this kind of SQL injection, statements are focused on changing a Boolean value in the application, in order to get different responses. Although the result of the SQL injection is not shown directly, the HTTP response content could change, and that change is used to infer the result.
  • Time-based blind SQL injection: This SQL injection depends on the time taken to generate a response by the database server. With variations in time, it is possible to infer whether the SQL injection was successful or not.
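
The Boolean-based case as an added example (not code from the book): a page that shows only one of two fixed messages still reveals whether an appended condition is true when its query is built by concatenation, and stops doing so once the value is validated and bound as a parameter. The `products` table, the function names and the sample inputs are constructed for this illustration, and SQLite is assumed as the database.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "keyboard"), (2, "mouse")])
    return conn

def page_vulnerable(conn, item_id):
    # Vulnerable: the input is concatenated into the statement.
    # The page never shows rows or errors, only one of two fixed messages.
    query = "SELECT 1 FROM products WHERE id = " + item_id
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        row = None  # errors are swallowed, so nothing is shown in-band
    return "In stock" if row else "Not found"

def page_hardened(conn, item_id):
    # Hardened: validate the type, then bind the value as a parameter.
    try:
        value = int(item_id)
    except ValueError:
        return "Not found"
    row = conn.execute("SELECT 1 FROM products WHERE id = ?",
                       (value,)).fetchone()
    return "In stock" if row else "Not found"

def responses(page, conn):
    # The same id with an appended true condition and an appended false one.
    return page(conn, "1 AND 1=1"), page(conn, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    # Different messages: the response content acts as a Boolean oracle.
    print("vulnerable:", responses(page_vulnerable, db))
    # Identical messages: the condition is never evaluated as SQL.
    print("hardened:  ", responses(page_hardened, db))
```
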
