nerdexam
EC-Council

312-50V11 · Question #330

A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php script is vulnerable

The correct answer is B. SQL injection.. Suspicious log entries for login.php indicate user-supplied input is being incorporated directly into SQL queries without sanitization, making the script vulnerable to SQL injection.

SQL Injection

Question

A security administrator notices that the log file of the company's webserver contains suspicious entries:

Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

Exhibit

312-50V11 question #330 exhibit

Options

  • Acommand injection.
  • BSQL injection.
  • Cdirectory traversal.
  • DLDAP injection.

How the community answered

(31 responses)
  • A
    6% (2)
  • B
    81% (25)
  • C
    10% (3)
  • D
    3% (1)

Why each option

Suspicious log entries for login.php indicate user-supplied input is being incorporated directly into SQL queries without sanitization, making the script vulnerable to SQL injection.

Acommand injection.

Command injection requires the application to pass user input to an OS shell function such as exec() or system(), which is unrelated to SQL-based authentication logic in login.php.

BSQL injection.Correct

SQL injection occurs when user-controlled data is concatenated into SQL query strings without parameterization or proper escaping, allowing attackers to alter query logic. In a login.php script, this typically allows authentication bypass by injecting conditions such as OR 1=1 that always evaluate to true. The log entries showing malformed or unexpected query patterns are a characteristic indicator of SQL injection attempts against the database backend.

Cdirectory traversal.

Directory traversal exploits file path handling by using sequences like ../ to access unauthorized files on the filesystem, not database query manipulation in a login script.

DLDAP injection.

LDAP injection targets LDAP directory query strings and would only apply if the login script authenticated against an LDAP directory rather than a SQL database.

Concept tested: SQL injection identification via web server log analysis

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#login bypass#web application vulnerability#MSSQL

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice