312-50V13 · Question #465
What is the following command used for?
The correct answer is B. A Enumerating the databases in the DBMS for the URL. The command (an assumed SQL injection payload) is used for enumerating the available databases within a Database Management System (DBMS) through a given URL.
Question
Options
- ACreating backdoors using SQL injection
- BA Enumerating the databases in the DBMS for the URL
- CRetrieving SQL statements being executed on the database
- DSearching database statements at the IP address given
How the community answered
(25 responses)- A4% (1)
- B76% (19)
- C12% (3)
- D8% (2)
Why each option
The command (an assumed SQL injection payload) is used for enumerating the available databases within a Database Management System (DBMS) through a given URL.
Creating backdoors via SQL injection usually involves writing files to the server or creating new user accounts, which is a different objective than just enumerating databases.
Enumerating databases via SQL injection typically involves crafting queries that leverage system tables, such as `information_schema.schemata`, to list all available database names. This step helps attackers discover potential targets for further data exfiltration or manipulation.
Retrieving SQL statements being executed on a database typically requires direct database monitoring tools or access to logs, not a standard SQL injection payload for enumeration.
Searching database statements at an IP address is vague; SQL injection operates within the context of a web application interacting with its database, not directly searching statements at an arbitrary network address.
Concept tested: SQL injection database enumeration
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/sql-injection
Topics
Community Discussion
No community discussion yet for this question.