nerdexam
GIAC

GCIH · Question #782

A web application receives the following input from a malicious request. What is the attacker attempting to do? select accountbalance from user where name = jake' OR 'z'='z';

The correct answer is C. Obtain database records for every application user. This is a classic SQL injection attack using an always-true condition to bypass authentication and return all rows from a table.

Web Application Attacks & Post-Exploitation

Question

A web application receives the following input from a malicious request. What is the attacker attempting to do? select accountbalance from user where name = jake' OR 'z'='z';

Options

  • ADownload database records for a specific application user
  • BCombine two input requests into a single query
  • CObtain database records for every application user
  • DAdd a new user account to the application database

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    10% (3)
  • C
    71% (22)
  • D
    16% (5)

Why each option

This is a classic SQL injection attack using an always-true condition to bypass authentication and return all rows from a table.

ADownload database records for a specific application user

The injection breaks the intended filter on 'jake' with the OR condition, so the query returns all users, not a specific one.

BCombine two input requests into a single query

This is a single manipulated SELECT query, not two separate requests being combined.

CObtain database records for every application userCorrect

The injected condition OR 'z'='z' is always true, causing the WHERE clause to evaluate as true for every row in the user table. This forces the database to return account balances for all users rather than filtering by a specific name, effectively dumping the entire result set.

DAdd a new user account to the application database

There is no INSERT or CREATE statement present; the query only performs a SELECT to read existing data.

Concept tested: SQL injection always-true bypass technique

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#authentication bypass#tautology attack#database enumeration

Community Discussion

No community discussion yet for this question.

Full GCIH Practice