312-50V11 · Question #330
A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php script is vulnerable
The correct answer is B. SQL injection.. Suspicious log entries for login.php indicate user-supplied input is being incorporated directly into SQL queries without sanitization, making the script vulnerable to SQL injection.
Question
A security administrator notices that the log file of the company's webserver contains suspicious entries:
Based on source code analysis, the analyst concludes that the login.php script is vulnerable to
Exhibit
Options
- Acommand injection.
- BSQL injection.
- Cdirectory traversal.
- DLDAP injection.
How the community answered
(31 responses)- A6% (2)
- B81% (25)
- C10% (3)
- D3% (1)
Why each option
Suspicious log entries for login.php indicate user-supplied input is being incorporated directly into SQL queries without sanitization, making the script vulnerable to SQL injection.
Command injection requires the application to pass user input to an OS shell function such as exec() or system(), which is unrelated to SQL-based authentication logic in login.php.
SQL injection occurs when user-controlled data is concatenated into SQL query strings without parameterization or proper escaping, allowing attackers to alter query logic. In a login.php script, this typically allows authentication bypass by injecting conditions such as OR 1=1 that always evaluate to true. The log entries showing malformed or unexpected query patterns are a characteristic indicator of SQL injection attempts against the database backend.
Directory traversal exploits file path handling by using sequences like ../ to access unauthorized files on the filesystem, not database query manipulation in a login script.
LDAP injection targets LDAP directory query strings and would only apply if the login script authenticated against an LDAP directory rather than a SQL database.
Concept tested: SQL injection identification via web server log analysis
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.
