nerdexam
GIAC

GCIH · Question #531

How does a web application that is vulnerable to SQL injection attacks usually tie into a database?

The correct answer is C. By formatting user input into an SQL statement that is sent to and run at the database. A web application gathers user input, and frequently puts it into the 鈥where鈥 or 鈥set鈥 clauses of a SQL statement. That's how the web app ties into the database.

Web Application Attacks & Post-Exploitation

Question

How does a web application that is vulnerable to SQL injection attacks usually tie into a database?

Options

  • AThrough SQL stored procedures directly invoked by the web application
  • BThrough binding to SQL Remote Procedure Calls on the database server
  • CBy formatting user input into an SQL statement that is sent to and run at the database
  • DBy establishing a SQL Secured Link (SSL) session with the database server

How the community answered

(67 responses)
  • A
    1% (1)
  • B
    1% (1)
  • C
    94% (63)
  • D
    3% (2)

Explanation

A web application gathers user input, and frequently puts it into the 鈥where鈥 or 鈥set鈥 clauses of a SQL statement. That's how the web app ties into the database.

Topics

#SQL injection#database interaction#user input#web application

Community Discussion

No community discussion yet for this question.

Full GCIH Practice