SY0-301 · Question #733
Which of the following BEST describes a SQL Injection attack?
The correct answer is A. The attacker attempts to have the receiving server pass information to a back-end database from. A SQL injection attack involves inserting malicious SQL code into input fields so that the server passes it to a back-end database, allowing the attacker to manipulate or extract data.
Question
Which of the following BEST describes a SQL Injection attack?
Options
- AThe attacker attempts to have the receiving server pass information to a back-end database from
- BThe attacker attempts to have the receiving server run a payload using programming commonly
- CThe attacker overwhelms a system or application, causing it to crash and bring the server down
- DThe attacker overwhelms a system or application, causing it to crash, and then redirects the memory
How the community answered
(34 responses)- A88% (30)
- B6% (2)
- C3% (1)
- D3% (1)
Why each option
A SQL injection attack involves inserting malicious SQL code into input fields so that the server passes it to a back-end database, allowing the attacker to manipulate or extract data.
SQL injection works by embedding SQL statements into user-supplied input that an application forwards unsanitized to a back-end database. The database then executes the injected commands, potentially exposing, modifying, or deleting data, which precisely matches choice A.
Running a payload using common programming languages describes a code injection or cross-site scripting (XSS) attack, not SQL injection.
Overwhelming a system to cause a crash describes a Denial of Service (DoS) attack, not SQL injection.
Crashing a system and redirecting memory describes a buffer overflow or DoS-based attack, not SQL injection.
Concept tested: SQL injection attack definition and mechanism
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.