GCIH · Question #808
How should an incident handler classify the following event shown in the output below?
The correct answer is B. SQL Injection. The output shown contains SQL injection indicators such as manipulated query syntax in HTTP request parameters, making SQL Injection the correct classification.
Question
How should an incident handler classify the following event shown in the output below?
Exhibit
Options
- ADNS Spoofing
- BSQL Injection
- CDirectory Traversal
- DCommand Injection
How the community answered
(39 responses)- A8% (3)
- B74% (29)
- C5% (2)
- D13% (5)
Why each option
The output shown contains SQL injection indicators such as manipulated query syntax in HTTP request parameters, making SQL Injection the correct classification.
DNS spoofing involves forging DNS response records to redirect victims to malicious IP addresses, which would appear in DNS traffic logs rather than SQL-related application output.
SQL injection occurs when user-supplied input is embedded directly into a SQL query without proper sanitization or parameterization, allowing an attacker to alter the query's logic. The output likely shows HTTP request logs or IDS alerts containing SQL metacharacters, keywords (SELECT, UNION, DROP), or boolean payloads characteristic of SQL injection attempts.
Directory traversal attacks use path sequences like '../' to navigate outside the web root and access unauthorized files, producing file-path-related artifacts rather than SQL syntax.
Command injection involves embedding OS-level commands (e.g., '; ls -la') into application input to execute arbitrary shell commands, which is distinct from SQL query manipulation.
Concept tested: Classifying SQL injection from IDS or log output
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.
