SY0-301 Question #357: Real Exam Question with Answer & Explanation
The correct answer is D: The user is sending malicious SQL injection strings in order to extract sensitive company or customer
Question
Options
- A. The user is attempting to hijack the web server session using an open-source browser.
- B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing
- C. The user is attempting to fuzz the web server by entering foreign language characters which are
- D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer
Explanation
The sequences ';--' and 'OR 1=1 --' are classic SQL injection payloads: the semicolon ends the intended statement, 'OR 1=1' makes the query's WHERE clause always true, and '--' comments out whatever the application appends afterwards. Submitting them through a form indicates the user is attempting to manipulate the back-end database.
Common mistakes.
- A. Session hijacking involves stealing or forging session tokens, not submitting special characters into form fields as part of an order.
- B. XSS botnet activity would involve injected JavaScript executing in a victim browser, not SQL metacharacters submitted through a form.
- C. Fuzzing with foreign language characters describes internationalization or encoding testing; the specific patterns ';--' and 'OR 1=1 --' are not foreign language characters but are well-known SQL metacharacter sequences.
Concept tested. SQL injection attack recognition and identification.
Reference. https://owasp.org/www-community/attacks/SQL_Injection