nerdexam
EC-Council

312-50V10 · Question #18

What is attempting an injection attack on a web server based on responses to True/False questions called?

The correct answer is C. Blind SQLi. Blind SQL injection infers database content through boolean (true/false) application responses without directly seeing query output.

SQL Injection

Question

What is attempting an injection attack on a web server based on responses to True/False questions called?

Options

  • ADMS-specific SQLi
  • BCompound SQLi
  • CBlind SQLi
  • DClassic SQLi

How the community answered

(55 responses)
  • A
    7% (4)
  • B
    2% (1)
  • C
    89% (49)
  • D
    2% (1)

Why each option

Blind SQL injection infers database content through boolean (true/false) application responses without directly seeing query output.

ADMS-specific SQLi

DBMS-specific SQLi exploits features or syntax unique to a particular database engine such as stored procedures in MS SQL Server, and is not defined by a boolean inference method.

BCompound SQLi

Compound SQLi combines multiple injection techniques or attack vectors simultaneously, which is unrelated to the true/false questioning approach described.

CBlind SQLiCorrect

Blind SQL injection occurs when a web application does not return query results or error messages directly, forcing the attacker to ask a series of true/false questions and infer data based on the application's differing responses. This technique is used when classic SQLi is not possible because database output is not reflected in the HTTP response.

DClassic SQLi

Classic SQLi (in-band) retrieves data directly within the same communication channel used for injection, where results are visible in the application's response - the opposite of blind.

Concept tested: Blind SQL injection boolean-based inference

Source: https://owasp.org/www-community/attacks/Blind_SQL_Injection

Topics

#blind SQL injection#boolean-based SQLi#true/false inference#injection techniques

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice