312-50V13 Question #466: Real Exam Question with Answer & Explanation

The correct answer is D: Union SQL injection.

Submitted by rania.sa · Mar 6, 2026 · SQL Injection

Question

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Options

  • A. Error-based injection
  • B. Boolean-based blind SQL injection
  • C. Blind SQL injection
  • D. Union SQL injection

Explanation

Union SQL Injection Explained

Union SQL injection is correct because it uses the SQL UNION operator to append additional SELECT statements to the original query, effectively extending the result set returned to the attacker - as long as the injected query matches the same number of columns and compatible data types as the original. For example, an attacker might inject ' UNION SELECT username, password FROM users-- to retrieve sensitive data alongside the original query results.
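The column-count condition described above, as an added example that is not part of the original page: the same string-built query is run against an in-memory SQLite database with the payload quoted in the explanation, then with a one-column query, then with a bound parameter. The table names, column names, function names and sample rows are constructed for this example.

```python
import sqlite3

# The injected input quoted in the explanation above.
PAYLOAD = "' UNION SELECT username, password FROM users--"

def make_db():
    # Constructed sample schema and rows (assumptions, not from the page).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('widget', '9.99'), ('gadget', '19.99');
        INSERT INTO users VALUES ('alice', 'constructed-hash-1');
    """)
    return db

def search_vulnerable(db, term):
    # Input is concatenated into the SQL text, so it can change the query's structure.
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_one_column(db, term):
    # Same flaw, but the original query returns one column instead of two.
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Bound parameter: the input is only ever compared as a value.
    sql = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("normal lookup:   ", search_vulnerable(db, "widget"))
    # Two columns on both sides: rows from users come back in the product result set.
    print("concatenated:    ", search_vulnerable(db, PAYLOAD))
    try:
        search_one_column(db, PAYLOAD)
    except sqlite3.OperationalError as exc:
        # Column counts differ, so the database rejects the combined statement.
        print("column mismatch: ", exc)
    # The payload is treated as a product name that matches nothing.
    print("parameterized:   ", search_safe(db, PAYLOAD))
```

SQLite enforces only the column count here; stricter database engines also reject a UNION whose column types are incompatible.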

Why the distractors are wrong:

  • Error-based injection (A) manipulates the database into returning error messages that reveal structural information, not extending query results.
  • Boolean-based blind SQL injection (B) asks the database true/false questions and infers data from the application's behavior - no direct data is returned.
  • Blind SQL injection (C) is a broader category where no data is directly visible in responses; it includes boolean-based and time-based techniques, but does not extend query results.

Memory Tip: Think of UNION = Unite - the attacker unites their malicious query with the original one to pull extra data, just like SQL's UNION combines two result sets into one. If you remember that UNION in SQL merges queries, you'll always link it to this attack type.

Topics

#SQL injection · #Union injection · #Web application attacks · #Database exploitation
