nerdexam
GIAC

GCIH · Question #807

What type of attack is being attempted in the following image?

The correct answer is D. SQL injection. The image depicts a SQL injection attack, where malicious SQL syntax is injected into an input field to manipulate backend database queries.

Web Application Attacks & Post-Exploitation

Question

What type of attack is being attempted in the following image?

Exhibit

GCIH question #807 exhibit

Options

  • ACredential stuffing
  • BBuffer overflow
  • CCross-site scripting
  • DSQL injection

How the community answered

(23 responses)
  • B
    9% (2)
  • C
    4% (1)
  • D
    87% (20)

Why each option

The image depicts a SQL injection attack, where malicious SQL syntax is injected into an input field to manipulate backend database queries.

ACredential stuffing

Credential stuffing uses large sets of previously breached username and password pairs to attempt automated logins, not SQL syntax manipulation.

BBuffer overflow

Buffer overflow attacks exploit insufficient bounds checking in memory allocation to overwrite adjacent memory, which is a lower-level binary exploitation technique unrelated to SQL input fields.

CCross-site scripting

Cross-site scripting (XSS) injects client-side script code (typically JavaScript) into web pages to be executed in other users' browsers, not SQL commands targeting a database.

DSQL injectionCorrect

SQL injection attacks insert or 'inject' malicious SQL code into input fields that are passed unsanitized to a database query, allowing an attacker to manipulate query logic, extract data, bypass authentication, or destroy data. The telltale signs include input containing SQL keywords, quotes, comment sequences (--), or boolean logic such as ' OR '1'='1'.

Concept tested: Identifying SQL injection attack patterns

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#web attack identification#attack classification#web application

Community Discussion

No community discussion yet for this question.

Full GCIH Practice