GCIH · Question #686
In addition to special characters, certain keywords in log files may indicate a SQL injection attack. Which words could indicate a SQL injection attack?
The correct answer is D. "union", and "select". This question tests knowledge of SQL keywords that appear in web server log files as indicators of SQL injection attempts.
Question
In addition to special characters, certain keywords in log files may indicate a SQL injection attack. Which words could indicate a SQL injection attack?
Options
- A"language=JavaScript", and "select"
- B"<script>", and "where"
- C"bind", and "select"
- D"union", and "select"
How the community answered
(46 responses)- A2% (1)
- B4% (2)
- C2% (1)
- D91% (42)
Why each option
This question tests knowledge of SQL keywords that appear in web server log files as indicators of SQL injection attempts.
'language=JavaScript' is associated with client-side scripting contexts and is not a SQL injection indicator, even though 'select' is a SQL keyword.
'<script>' is a hallmark indicator of Cross-Site Scripting (XSS), not SQL injection, regardless of the presence of the SQL keyword 'where'.
'bind' is not a recognized SQL injection keyword and is more commonly associated with LDAP injection or variable binding in programming frameworks.
The keywords 'union' and 'select' are the hallmark indicators of UNION-based SQL injection, where an attacker appends a UNION SELECT clause to an existing query in order to extract data from additional database tables. Detecting this combination in access logs is a primary detection method for SQL injection attacks.
Concept tested: SQL injection log detection using UNION SELECT keywords
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.