SQLi versus blind SQLi

When a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker, the attack is called blind SQLi.

Admins, developers, and frameworks handle errors in order to avoid leaking information. When no results or errors are visible to the attacker, we still have some methods that can help exploit the SQL injection in a blind way. They are:

  • Boolean: This method is based on injecting payloads that alter the outcome of the original query, which results in different returned page content.
  • Time-based: This method is based on injecting payloads that trigger a delay in the SQL server while it processes our query, which, in turn, slows down the response time of our request.
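The boolean case from the application's side, as an added example that is not from the original book: a page that hides both rows and SQL errors still returns different content depending on a condition in the input, and validating and binding the parameter removes that difference. The `products` table, the function names, and the sample inputs are constructed for illustration, and SQLite stands in for the database server.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "widget"), (2, "gadget")])
    return db

def page_vulnerable(db, item_id):
    """Builds the query by string concatenation; rows and errors are hidden."""
    try:
        row = db.execute("SELECT name FROM products WHERE id = " + item_id).fetchone()
    except sqlite3.Error:
        return "Not found"  # error handling: no SQL error reaches the client
    return "In stock" if row else "Not found"

def page_hardened(db, item_id):
    """Validates the type, then binds the value as a query parameter."""
    try:
        row = db.execute("SELECT name FROM products WHERE id = ?", (int(item_id),)).fetchone()
    except (ValueError, sqlite3.Error):
        return "Not found"
    return "In stock" if row else "Not found"

def leaks_boolean(page, db):
    """True if a condition supplied in the input changes the returned page."""
    return page(db, "1 AND 1=1") != page(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    for page in (page_vulnerable, page_hardened):
        print(page.__name__, "normal:", page(db, "1"), "| leaks:", leaks_boolean(page, db))
```

Hiding errors alone leaves `page_vulnerable` with two distinguishable responses; the hardened version returns the same page for both conditioned inputs because the input never becomes part of the SQL text.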

We're going to learn about these techniques in more detail later.
