GCIH Question #48: Real Exam Question with Answer & Explanation

The correct answer is C: Single quote (').

Web Application Attacks & Post-Exploitation

Question

Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

Options

  • A. Dash (-)
  • B. Double quote (")
  • C. Single quote (')
  • D. Semicolon (;)

Explanation

The single quote is the canonical character used to test for SQL injection because it terminates string literals in SQL syntax and can expose database parsing errors.

Common mistakes.

  • A. A dash alone does not break SQL string literals and is not a recognized standard first-step test character for SQL injection vulnerability.
  • B. A double quote is used for identifier quoting in some SQL dialects but is not the universally recognized initial probe character for SQL injection testing.
  • D. A semicolon can be used to stack SQL statements in certain databases but does not directly reveal injection vulnerability on its own and is not the standard initial test character.
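To make the explanation above concrete, here is an added Python example (not from the original page or the exam vendor) that runs the four answer options through a vulnerable string-concatenated query and its parameterized replacement on an in-memory SQLite database; the table, the names and the function names are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory database for this demonstration (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn

def lookup_unsafe(conn, name):
    """Vulnerable pattern: user input is concatenated into the SQL string literal,
    so any character with SQL meaning is parsed as syntax, not as data."""
    query = f"SELECT id FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]

def lookup_safe(conn, name):
    """Hardened pattern: a bound parameter. The driver hands the value to the
    database separately, so it can never change the statement's structure."""
    rows = conn.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

def probe(lookup, conn, value):
    """Run one lookup and return either its result list or the database's
    parse-error text, which is what a tester or a log reviewer would see."""
    try:
        return lookup(conn, value)
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"

def option_errors(conn):
    """Which of the four answer options makes the vulnerable lookup raise a
    parse error? Only the single quote terminates the literal early; the
    other three are valid characters inside a string and return nothing."""
    return {c: str(probe(lookup_unsafe, conn, c)).startswith("error")
            for c in ["-", '"', "'", ";"]}

if __name__ == "__main__":
    db = make_db()
    print(probe(lookup_unsafe, db, "alice"))   # normal result: [1]
    print(probe(lookup_unsafe, db, "'"))       # SQL parse error text
    print(probe(lookup_safe, db, "'"))         # [] -- the quote is only data
    print(option_errors(db))                   # only "'" maps to True
```

The same error text surfacing in application or database logs is a detection signal worth alerting on, and the parameterized form is the fix regardless of which character was sent.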

Concept tested. SQL injection detection using the single quote character.

Reference. https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection #single quote #injection testing #input validation
