GCIH · Question #807
What type of attack is being attempted in the following image?
The correct answer is D. SQL injection. The image depicts a SQL injection attack, where malicious SQL syntax is injected into an input field to manipulate backend database queries.
Question
What type of attack is being attempted in the following image?
Exhibit
Options
- ACredential stuffing
- BBuffer overflow
- CCross-site scripting
- DSQL injection
How the community answered
(23 responses)- B9% (2)
- C4% (1)
- D87% (20)
Why each option
The image depicts a SQL injection attack, where malicious SQL syntax is injected into an input field to manipulate backend database queries.
Credential stuffing uses large sets of previously breached username and password pairs to attempt automated logins, not SQL syntax manipulation.
Buffer overflow attacks exploit insufficient bounds checking in memory allocation to overwrite adjacent memory, which is a lower-level binary exploitation technique unrelated to SQL input fields.
Cross-site scripting (XSS) injects client-side script code (typically JavaScript) into web pages to be executed in other users' browsers, not SQL commands targeting a database.
SQL injection attacks insert or 'inject' malicious SQL code into input fields that are passed unsanitized to a database query, allowing an attacker to manipulate query logic, extract data, bypass authentication, or destroy data. The telltale signs include input containing SQL keywords, quotes, comment sequences (--), or boolean logic such as ' OR '1'='1'.
Concept tested: Identifying SQL injection attack patterns
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.
