312-50V13 · Question #246
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the d
The correct answer is D. Time-based and boolean-based. SQL Injection Types Explanation Option D (Time-based and boolean-based) is correct because Jane needs two specific capabilities: time-based blind SQL injection measures database response delays (e.g., using SLEEP() or WAITFOR DELAY) to infer true/false conditions based on how lon
Question
Options
- AOut of band and boolean-based
- BTime-based and union-based
- Cunion-based and error-based
- DTime-based and boolean-based
How the community answered
(49 responses)- A12% (6)
- B2% (1)
- C4% (2)
- D82% (40)
Explanation
SQL Injection Types Explanation
Option D (Time-based and boolean-based) is correct because Jane needs two specific capabilities: time-based blind SQL injection measures database response delays (e.g., using SLEEP() or WAITFOR DELAY) to infer true/false conditions based on how long the server takes to respond, while boolean-based blind SQL injection uses a secondary query that forces the database to return a true or false result (e.g., AND 1=1 vs AND 1=2) to extract information about user IDs.
Why the distractors are wrong:
- Option A is incorrect because out-of-band injection relies on separate network channels (like DNS/HTTP requests) to exfiltrate data, which doesn't align with testing response times or true/false logic
- Option B is incorrect because union-based injection appends additional SELECT statements to retrieve direct data output - it doesn't test timing or boolean conditions in the blind sense Jane requires
- Option C is incorrect because error-based injection deliberately triggers database error messages to extract data, and union-based doesn't address timing or boolean responses
Memory Tip
Think "T-B = Time & Boolean" - Time measures the wait, Boolean measures the weight (true/false). Together they form the two pillars of blind SQL injection, which is what Jane is testing.
Topics
Community Discussion
No community discussion yet for this question.