We've already demonstrated several SQL Injection methods. These can be found in multiple parts:

• Basic SQL Injection Part one is here
• Basic SQL Injection Part two is here
• Basic SQL Injection Part three is here
• SQL Injection Signature Evasion is here

This video demonstration is focused on "Blindfolded SQL Injection". You can find a detailed technical white paper from Imperva on this subject here.

In short, Blindfolded SQL Injection is a method of exploitation that gets around good coding practices which disallow sensitive error messages, system internals, and related information from being displayed to the user. This level of detail is very helpful for SQL injection attacks. Since most documents describing SQL Injection rely on gathering information through the error messages we thought we would explore how it can be done without any such messages with equivalent success.