312-50V12 Question #273: Real Exam Question with Answer & Explanation

Question

What is the following command used for?

Options

• ARetrieving SQL statements being executed on the database
• BCreating backdoors using SQL injection
• CEnumerating the databases in the DBMS for the URL
• DSearching database statements at the IP address given

Explanation

The command is used to identify and list all available databases within a Database Management System (DBMS) that a web application, specified by its URL, interacts with.

Common mistakes.

• A. While SQL injection can sometimes reveal query information, the specific function of this command, aligned with database enumeration, is to list database names, not to retrieve currently executing SQL statements.
• B. This command serves as an information gathering step (enumeration) to map the database structure, rather than directly creating backdoors, although enumeration can be a prerequisite for such malicious actions.
• D. The command specifically targets a URL, indicating a web application context, and its primary function is database enumeration within a DBMS, not a general search for statements at an arbitrary IP address.

Concept tested. SQL Injection Database Enumeration

Reference. https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection

No community discussion yet for this question.