An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?

An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?

• Boolean
• Error-based
• Out-of-band
• Union operator
• Time delay

Explanation: There are essentially five techniques that can be used to exploit SQL injection vulnerabilities:

- Union operator - Typically used when an SQL injection vulnerability allows a SELECT statement to combine two queries into a single result or a set of results.
- Boolean - Used to verify whether certain conditions are true or false.
- Error-based - Used to force the database to generate an error to enhance and refine an attack (injection).
- Out-of-band - Used to obtain records from the database by using a different channel.
- Time delay - It is possible to use database commands to delay answers.

Exam with this question: 6.13.3 Quiz - Performing Post-Exploitation Techniques Answers