312-50V13 · Question #171
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timin
The correct answer is B. Blind SQL injection. Elliot is performing blind SQL injection, a technique used when an attacker infers information based on the application's responses, such as timing delays, rather than direct output.
Question
Options
- AError-based SQL injection
- BBlind SQL injection
- CUnion-based SQL injection
- DNoSQL injection
How the community answered
(32 responses)- A3% (1)
- B94% (30)
- C3% (1)
Why each option
Elliot is performing blind SQL injection, a technique used when an attacker infers information based on the application's responses, such as timing delays, rather than direct output.
Error-based SQL injection relies on the database returning error messages that reveal information about the database structure or query results, which is not what Elliot is observing.
Blind SQL injection occurs when an attacker cannot see the output of the SQL query directly on the webpage, making it necessary to rely on other methods to confirm success or extract data. Using conditional timing delays, where the response time indicates whether a certain condition in the injected query is true or false, is a classic technique for blind SQL injection, allowing for systematic information extraction.
Union-based SQL injection uses the UNION operator to combine the results of the attacker's query with the legitimate query, displaying the injected data directly in the application's response, which Elliot is not doing.
NoSQL injection targets NoSQL databases, which have different query languages and vulnerabilities than traditional SQL databases, whereas the question specifies a SQL back-end.
Concept tested: Blind SQL injection detection techniques
Source: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-overview#sql-injection
Topics
Community Discussion
No community discussion yet for this question.