GCIH · Question #758
Which web application log keyword would be associated with a SQL injection attack?
The correct answer is A. union. The UNION keyword is a hallmark SQL injection indicator used to append secondary SELECT statements and extract unauthorized database data.
Question
Which web application log keyword would be associated with a SQL injection attack?
Options
- Aunion
- B../../../../etc/shadow
- Cbind
- Dscript
How the community answered
(42 responses)- A88% (37)
- B2% (1)
- C2% (1)
- D7% (3)
Why each option
The UNION keyword is a hallmark SQL injection indicator used to append secondary SELECT statements and extract unauthorized database data.
UNION-based SQL injection appends an attacker-controlled SELECT statement to the original query, enabling retrieval of data from unintended tables. Web application logs containing patterns like 'UNION SELECT' are strong, well-known indicators of an active SQL injection attempt.
'../../../../etc/shadow' is a path traversal or local file inclusion payload used to access sensitive OS files, not a SQL injection indicator.
'bind' is associated with DNS zone transfers or LDAP bind operations, not SQL injection attacks.
'script' is associated with cross-site scripting (XSS) injection, not SQL injection.
Concept tested: SQL injection attack log signature identification
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.