{"detect":{"cwe":"CWE-89","exploit_examples":["/blind-bool/?id=1+AND+SUBSTRING((SELECT+value+FROM+secrets+WHERE+name='sqli-blind-bool'),1,1)='V'"],"owasp":"A03:2021 \u2014 Injection (SQLi)","scanner_should_fire":true,"sinks":["f-string concatenation in WHERE id=<input>"],"subtype":"blind-boolean","success_markers":["VULNLAB{sqli-blind-boolean-oracle}"],"tags":["blind","boolean-oracle","no-error-leak"]},"lab_url":"/blind-bool/","sink":"string-concatenated SELECT (no error reflection)","slug":"blind-bool","source_url":"/source/blind-bool","summary":"Product lookup leaks only existence. No errors, no reflection.","title":"Blind SQLi (boolean oracle)","vulnerable":true}