SQL Injection

¡Supera tus tareas y exámenes ahora con Quizwiz!

Fill in the blank: ______ function is an IDS evasion technique that can be used to inject SQL statements into MySQL database without using double quotes. CHAR() CONV() ASCIISTR() CHR()

CHAR()

Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code? Traffic Analysis Packet Analysis Code Analysis Data Analysis

Code Analysis

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker? DataThief NetCat Cain and Abel Nmap

DataThief

Which of the following tools is used for detecting SQL injection attacks? Nmap Wireshark IBM Security AppScan NetScanTools Pro

IBM Security AppScan

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back-end database. In order for the tester to see if an SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request? Semicolon Single quote Exclamation mark Double quote

Single quote

In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? Piggybacked query In-line comments UNION SQL injection Tautology

UNION SQL injection

Which of the following system table does MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database. sysdbs sysrows syscells sysobjects

sysobjects

Robert is a user with a privileged account and he is capable of connecting to the database. Rock wants to exploit Robert's privilege account. How can he do that? Access the database and perform malicious activities at the OS level Reject entries that contain binary data, escape sequences, and comment characters Use the most restrictive SQL account types for applications Design the code in such a way it traps and handles exceptions appropriately

Access the database and perform malicious activities at the OS level

Which of the following tools provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology? IBM Security AppScan Hping2 / Hping3 SoftPerfect network scanner Acunetix web vulnerability scanner

Acunetix web vulnerability scanner

Which of the following SQL queries is an example of a heavy query used in SQL injection? SELECT Name, Price, Description FROM ITEM_DATA WHERE ITEM_ID = 67 AND 1 = 1 SELECT Name, Phone, Address FROM Users WHERE Id=1 UNION ALL SELECT creditCardNumber,1,1 FROM CreditCardTable SELECT * FROM products WHERE id_product=$id_product SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

Which of the following attacks are not performed by an attacker who exploits SQL injection vulnerabilities? Authentication Bypass Remote Code Execution Covering Tracks Information Disclosure

Covering Tracks

Robert, a penetration tester is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes? Fuzzing Testing Stored Procedure Injection Out of Band Exploitation Alternate Encodings

Fuzzing Testing

In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results? Blind SQL injection Out-of-band SQL injection In-band SQL injection Inferential SQL injection

In-band SQL injection

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with a local system account. How can this weakness be exploited to access the system? Using the Metasploit psexec module setting the SA/admin credential Invoking the stored procedure xp_shell to spawn a Windows command shell Invoking the stored procedure cmd_shell to spawn a Windows command shell Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Michel, a professional hacker, is trying to perform time-based blind SQL injection attacks on the MySQL backend database of RadioTV Inc. He decided to use an SQL injection tool to perform this attack. Michel surfed the Internet and finally found a tool which has the following features: Sends heavy queries to the target database to perform a Time-Based Blind SQL Injection attack. Database Schema extraction from SQL Server, Oracle and MySQL. Data extraction from Microsoft Access 97/2000/2003/2007 databases. Parameter Injection using HTTP GET or POST. Which of the following tools does Michael use to perform time-based blind SQL injection attacks on the MySQL backend database? Marathon Tool SQLiX SQLDict WebCruiser

Marathon Tool

An attacker uses the following SQL query to perform an SQL injection attack SELECT * FROM users WHERE name = '' OR '1'='1'; Identify the type of SQL injection attack performed. Tautology Illegal/Logically Incorrect Query UNION SQL Injection End-of-Line Comment

Tautology

In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true? UNION SQL injection Illegal/logically incorrect query End-of-line comment Tautology

Tautology

Select all correct answers. To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks. Avoid constructing dynamic SQL with concatenated Input values Ensure that the Web configuration files for each application do not contain sensitive information Keep untrusted data separate from commands and queries Apply input validation only on the client-side

Avoid constructing dynamic SQL with concatenated Input values Ensure that the Web configuration files for each application do not contain sensitive information Keep untrusted data separate from commands and queries

Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit? Blind SQL Injection UNION SQL Injection Error Based SQL Injection In-band SQL Injection

Blind SQL Injection

Steve works as a penetration tester in a firm named InfoSecurity. Recently, Steve was given an assignment to test the security of the company's web applications and backend database. While conducting the test, he sends a malicious SQL query with conditional timing delays to the backend database through the web application. This conditional time delay forces the database to wait for a specified amount of time before responding. He performs the same task using different malicious SQL queries. By observing various query responses from the database, Steve came to know that the web application is vulnerable to an SQL injection attack. What type of SQL injection attack is Steve most likely performing? Blind SQL injection Error-based SQL injection Union-based SQL injection Out-of-band SQL Injection

Blind SQL injection

Which of the following methods carries the requested data to the webserver as a part of the message body? HTTP GET HTTP POST IBM DB2 Cold Fusion

HTTP POST

An attacker injects the following SQL query: blah' AND 1=(SELECT COUNT(*) FROM mytable); -- What is the intention of the attacker? Updating Table Adding New Records Deleting a Table Identifying the Table Name

Identifying the Table Name

In which of the following attacks, does an attacker inject an additional malicious query to the original query? In-line Comments Piggybacked Query Tautology UNION SQL Injection

Piggybacked Query

William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances? Right square bracket Single quote Double quote Semicolon

Single quote Double quote

Which of the following tools is used to build rules that aim to detect SQL injection attacks? Nmap Snort Masscan SuperScan

Snort

Which of the following countermeasures prevent buffer overruns? Use the most restrictive SQL account types for applications Keep untrusted data separate from commands and queries Test the size and data type of the input and enforce appropriate limits Apply the least privilege rule to run the applications that access the DBMS

Test the size and data type of the input and enforce appropriate limits

A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money? The tester needs to perform static code analysis as it covers the structural and statement coverage testing The tester needs to perform static code analysis as it covers the executable file of the code The tester needs to perform dynamic code analysis as it uncovers bugs in the software system The tester needs to perform dynamic code analysis as it finds and fixes the defects

The tester needs to perform static code analysis as it covers the structural and statement coverage testing

What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability? The request to the webserver is not visible to the administrator of the vulnerable application. The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection. A successful attack does not show an error message to the administrator of the affected application. The vulnerable application does not display errors with information about the injection results to the attacker.

The vulnerable application does not display errors with information about the injection results to the attacker.

Select all correct answers. In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections. Time Delay Boolean exploitation Tautology System stored procedure

Time Delay Boolean exploitation

SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. True False

True

Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Snort can be used to detect SQL injection attacks. Identify the correct Snort rule to detect SQL injection attacks. alert tcp $EXTERNAL_NET any -> 172.16.66.23 443 (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:to_server,estahlished; uricontent:"".pl"";pcre:""/(\%27)|(\')|(\-\-)|(%23)|(#)/i""; classtype:Web-application-attack; sid:9099; rev:5;) rule SQLiTester { meta: description = ""SQL Injection tester"" author = ""Ellaria Sand"" date = ""2016-04-26"" hash = ""dc098f88157b5cbf3ffc82e6966634bd280421eb"" strings: $s0 = "" SQL Injection tester"" ascii $s17 = ""/Blind SQL injection tool"" fullword ascii $s18 = ""SELECT UNICODE(SUBSTRING((system_user),{0},1))"" fullword wide condition: uint16(0) == 0x5a4d and filesize < 1040KB and all of them } ule SQLiTester { meta: description = ""SQL Injection tester"" author = ""Ellaria Sand"" date = ""2016-04-26"" hash = ""dc098f88157b5cbf3ffc82e6966634bd280421eb"" strings: $s0 = "" SQL Injection tester"" ascii $s17 = ""/Blind SQL injection tool"" fullword ascii $s18 = ""WAITFOR DELAY '0:0:10' --"" fullword wide condition: uint32(0) == 0x5a4d and filesize < 1040KB and all of them } alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:stateless; ack:0; flags:S; ttl:>220; reference:arachnids,439; classtype:attempted-recon; sid:613; rev:6;)"

alert tcp $EXTERNAL_NET any -> 172.16.66.23 443 (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:to_server,estahlished; uricontent:"".pl"";pcre:""/(\%27)|(\')|(\-\-)|(%23)|(#)/i""; classtype:Web-application-attack; sid:9099; rev:5;) rule SQLiTester {

David, a penetration tester, was asked to check the MySQL database of the company for SQL injection attacks. He decided to check the back end database for a double blind SQL injection attack. He knows that double blind SQL injection exploitation is performed based on an analysis of time delays and he needs to use some functions to process the time delays. David wanted to use a function which does not use the processor resources of the server. Which of the following function David need to use? sleep() benchmark() mysql_query() addcslashes()

sleep()

Which of the following commands has to be disabled to prevent exploitation at the OS level? execute xp_cmdshell cat ping

xp_cmdshell


Conjuntos de estudio relacionados

Personal Finance Final Exam Quizlet

View Set

Chapter 12-Microeconomics(Perfect Competition)

View Set

The Amendments: 1798-1870~Amendments XI-XV

View Set

RN Fundamentals Online Practice 2019 A with NGN

View Set

NCLEX - Patients with Dysrhythmias

View Set