nerdexam
GIAC

GCIH · Question #758

Which web application log keyword would be associated with a SQL injection attack?

The correct answer is A. union. The UNION keyword is a hallmark SQL injection indicator used to append secondary SELECT statements and extract unauthorized database data.

Web Application Attacks & Post-Exploitation

Question

Which web application log keyword would be associated with a SQL injection attack?

Options

  • Aunion
  • B../../../../etc/shadow
  • Cbind
  • Dscript

How the community answered

(42 responses)
  • A
    88% (37)
  • B
    2% (1)
  • C
    2% (1)
  • D
    7% (3)

Why each option

The UNION keyword is a hallmark SQL injection indicator used to append secondary SELECT statements and extract unauthorized database data.

AunionCorrect

UNION-based SQL injection appends an attacker-controlled SELECT statement to the original query, enabling retrieval of data from unintended tables. Web application logs containing patterns like 'UNION SELECT' are strong, well-known indicators of an active SQL injection attempt.

B../../../../etc/shadow

'../../../../etc/shadow' is a path traversal or local file inclusion payload used to access sensitive OS files, not a SQL injection indicator.

Cbind

'bind' is associated with DNS zone transfers or LDAP bind operations, not SQL injection attacks.

Dscript

'script' is associated with cross-site scripting (XSS) injection, not SQL injection.

Concept tested: SQL injection attack log signature identification

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#UNION keyword#web application logs#log analysis

Community Discussion

No community discussion yet for this question.

Full GCIH Practice