An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?
- Boolean
- Error-based
- Out-of-band
- Union operator
- Time delay
Explanation: There are essentially five techniques that can be used to exploit SQL injection vulnerabilities:
- Union operator - Typically used when an SQL injection vulnerability allows a SELECT statement to combine two queries into a single result or a set of results.
- Boolean - Used to verify whether certain conditions are true or false.
- Error-based - Used to force the database to generate an error to enhance and refine an attack (injection).
- Out-of-band - Used to obtain records from the database by using a different channel.
- Time delay - It is possible to use database commands to delay answers.
Exam with this question: 6.13.3 Quiz - Performing Post-Exploitation Techniques Answers
Please login or Register to submit your answer