312-50V13 · Question #504
312-50V13 Question #504: Real Exam Question with Answer & Explanation
The correct answer is D: Utilize a blind injection technique that uses time delays or error signatures to extract information. Explanation When a web application returns generic error messages that suppress detailed database information, the attacker has lost the primary feedback channel needed for standard (error-based) SQL injection. Blind SQL injection (Option D) is specifically designed for this scen
Question
During an attempt to perform an SQL injection attack, a certified ethical hacker is focusing on the identification of database engine type by generating an ODBC error. The ethical hacker, after injecting various payloads, finds that the web application returns a standard, generic error message that does not reveal any detailed database information. Which of the following techniques would the hacker consider next to obtain useful information about the underlying database?
Options
- AUse the UNION operator to combine the result sets of two or more SELECT statements
- BAttempt to compromise the system through OS-level command shell execution
- CTry to insert a string value where a number is expected in the input field
- DUtilize a blind injection technique that uses time delays or error signatures to extract information
Explanation
Explanation
When a web application returns generic error messages that suppress detailed database information, the attacker has lost the primary feedback channel needed for standard (error-based) SQL injection. Blind SQL injection (Option D) is specifically designed for this scenario - it extracts information indirectly by observing time delays (e.g., SLEEP() or WAITFOR DELAY) or boolean-based responses (true/false behavior changes), allowing the hacker to infer database details without needing visible error output.
Why the distractors are wrong:
- Option A (UNION-based injection) requires the application to return query results visibly in the response; if errors are suppressed, output is likely suppressed too, making UNION attacks ineffective
- Option B (OS-level command execution) is a post-exploitation technique that assumes you've already gained significant access - it's premature at the reconnaissance/identification stage
- Option C (inserting a string where a number is expected) is actually the technique already being attempted to generate ODBC errors, which has already failed since the app returns generic messages
Memory Tip
Think: "No feedback? Go blind!" - When the application hides its errors, switch to Blind SQLi, which operates like a yes/no guessing game using time or behavior, making visible output unnecessary.
Topics
Community Discussion
No community discussion yet for this question.