nerdexam
CompTIA

SY0-301 · Question #335

The string: ` or 1=1-- - represents which of the following?

The correct answer is C. SQL Injection. The string ' or 1=1-- is a classic SQL injection payload that manipulates a database query's logic to always evaluate as true, bypassing authentication or dumping data.

Threats, vulnerabilities, and mitigations

Question

The string:

` or 1=1-- - represents which of the following?

Options

  • ABluejacking
  • BRogue access point
  • CSQL Injection
  • DClient-side attacks

How the community answered

(30 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    93% (28)

Why each option

The string ' or 1=1-- is a classic SQL injection payload that manipulates a database query's logic to always evaluate as true, bypassing authentication or dumping data.

ABluejacking

Bluejacking is a Bluetooth-based attack that sends unsolicited messages to nearby Bluetooth-enabled devices and has no relation to database query manipulation.

BRogue access point

A rogue access point is an unauthorized wireless access point placed on a network to intercept traffic; it is a hardware-based attack unrelated to SQL syntax.

CSQL InjectionCorrect

SQL injection works by inserting malicious SQL syntax into an input field that is concatenated into a database query. The ' closes the original string literal, or 1=1 makes the WHERE clause always true, and -- comments out the remainder of the query, allowing an attacker to bypass login checks or retrieve unauthorized data from the database.

DClient-side attacks

Client-side attacks target vulnerabilities in the user's browser or application (such as XSS) rather than manipulating back-end database queries with injected SQL.

Concept tested: SQL injection attack pattern recognition

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#injection attacks#web application security#input validation

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice