GIAC
GCIH · Question #531
How does a web application that is vulnerable to SQL injection attacks usually tie into a database?
The correct answer is C. By formatting user input into an SQL statement that is sent to and run at the database. A web application gathers user input, and frequently puts it into the 鈥where鈥 or 鈥set鈥 clauses of a SQL statement. That's how the web app ties into the database.
Web Application Attacks & Post-Exploitation
Question
How does a web application that is vulnerable to SQL injection attacks usually tie into a database?
Options
- AThrough SQL stored procedures directly invoked by the web application
- BThrough binding to SQL Remote Procedure Calls on the database server
- CBy formatting user input into an SQL statement that is sent to and run at the database
- DBy establishing a SQL Secured Link (SSL) session with the database server
How the community answered
(67 responses)- A1% (1)
- B1% (1)
- C94% (63)
- D3% (2)
Explanation
A web application gathers user input, and frequently puts it into the 鈥where鈥 or 鈥set鈥 clauses of a SQL statement. That's how the web app ties into the database.
Topics
#SQL injection#database interaction#user input#web application
Community Discussion
No community discussion yet for this question.