EC-Council

312-50V13 Question #260: Real Exam Question with Answer & Explanation

Submitted by jordan8 · Mar 6, 2026 · SQL Injection

Question

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?

Options

  • A. Union-based SQLI
  • B. Out-of-band SQLI
  • C. In-band SQLI
  • D. Time-based blind SQLI

Explanation

Out-of-band SQLi (Option B) is correct because it uses alternative communication channels - specifically a database server's ability to make DNS or HTTP requests - to exfiltrate data to an attacker-controlled server, rather than receiving results directly through the web application's response.

Why the others are wrong:

  • Union-based SQLi (A) is a type of in-band SQLi that uses the UNION SQL operator to retrieve data directly within the application's HTTP response - no DNS involved.
  • In-band SQLi (C) is a broad category where data is extracted through the same channel used to inject the SQL (the web response itself), making it the opposite of "out-of-band."
  • Time-based blind SQLi (D) infers data by causing the database to pause (e.g., using SLEEP()) and measuring response delays - it exfiltrates nothing via DNS.

Memory Tip: Think of "out-of-band" as "out of the normal channel" - just like a DNS request goes outside the standard web response path. If the attack uses DNS to "call home" with stolen data, it's going out of band.

Topics

#SQL Injection #Out-of-band SQLi #DNS exfiltration #Database vulnerabilities
