Which type of attack allows extraction of information by injecting true/false queries?

Blind SQL injection is a type of attack where an attacker can send queries to a database, but the information returned is limited, typically only confirming whether the queries return true or false. Unlike standard SQL injection, where the attacker can directly see the output of their queries, blind SQL injection relies on evaluating the application's behavior based on the responses or delays.

In a blind SQL injection attack, the attacker constructs queries to infer data based on the responses from the application. For instance, the attacker might ask if a particular value exists in the database and then check the application's response to determine if the answer is true or false. This method allows the extraction of sensitive information, such as usernames or passwords, albeit in a roundabout and less efficient manner.

This form of attack is particularly dangerous because it can be conducted without the attacker needing to see direct database responses, making it harder to detect and mitigate. It showcases the importance of implementing secure coding practices and robust input validation to prevent unauthorized access to database systems.