15 CEH: SQL Injection

Ace your homework & exams now with Quizwiz!

In which of the following evasion techniques does an attacker use a WHERE statement that is always evaluated as *true* so that any mathematical or string comparison can be used, such as "' or '1'='1'"? 1. Declare variables 2. Case variation 3. Variations 4. Null byte

3. Variations

Which of the following tools provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology? 1. IBM Security AppScan 2. SoftPerfect network scanner 3. Hping2 / Hping3 4. Acunetix web vulnerability scanner

4. Acunetix web vulnerability scanner

Which of the following database management systems contains the system table called "MsysObjects"? 1. Oracle 2. MSSQL 3. MySQL 4. MS Access

4. MS Access

The following query is used to create a database account in *which database server*? exec sp_addlogin 'victor', 'pass123' exec sp_addsrvrolemember 'victor', 'sysadmin'

Microsoft SQL Server

True or false: all relational databases are vulnerable to SQL injection attacks.

True, because the flaw lies in the web application that interacts with the database, not with the database itself

Which of the following functions can be used by an attacker to link a target SQL server's database to the attacker's own machine and retrieve data from the target SQL server database? 1. LOAD_FILE() 2. CONVERT() 3. OPENROWSET() 4. INTO OUTFILE()

3. OPENROWSET()

Which of the following tools is used to build rules that aim to detect SQL injection attacks? 1. Nmap 2. Masscan 3. Snort 4. SuperScan

3. Snort

What character is used in a SQL injection query as a wildcard attribute?

%

What *SQL statement* can be used to determine table and column names?

' group by columnnames having 1=1;--

Identify the reason why Web Applications are vulnerable to SQL injection attacks. 1. Error messages reveal important information 2. Tests the content of string variables and accepts only expected values. 3. Avoid constructing dynamic SQL with concatenated input values. 4. Reject entries that contain binary data, escape sequences, and comment characters.

1. Error messages reveal important information

What 3 *mobile SQL injection tools* does the material recommend?

1. SQLi 2. Droidbug SQLi Spyder 3. sqlmapchik

Which of the following issues can be detected when testers send long strings of junk data, similar to strings for detecting buffer overruns that throw SQL errors on a page? 1. Truncation 2. SQL injection 3. SQL modification 4. Input sanitization

1. Truncation

What 2 *SQL statements* can an attacker use during a *blind SQL injection attack*?

1. WAITFOR DELAY '<HH>:<mm>:<ss>' 2. BENCHMARK(<number of times>, <sql statement>) - Only on MySQL 3. SLEEP - MySQL (doesn't use processor)

What 3 *SQL injection tools* does the material recommend?

1. sqlmap 2. Mole 3. Blisqy

In which of the following techniques does an attacker use logical requests such as AND/OR to bypass a firewall? 1. CRLF technique 2. Blind SQL injection 3. Normalization method 4. HPF technique

2. Blind SQL injection

In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? 1. In-line comments 2. UNION SQL injection 3. Tautology 4. Piggybacked query

2. UNION SQL injection

SQL injection vulnerabilities are a flaw in which of the following? 1. Web server 2. Web application 3. Database

2. Web application

In one of the following defensive techniques, only the list of entities such as data type, range, size, and value that have been approved for secured access are accepted. Which is this technique? 1. Enforcing least privileges 2. Whitelist validation 3. Output encoding 4. Blacklist validation

2. Whitelist validation

In which of the following attacks does an attacker pose a true or false question to an database to determine whether an application is vulnerable to SQL injection? 1. Union SQL injection 2. In-band SQL injection 3. Blind SQL injection 4. Error-based SQL injection

3. Blind SQL injection

Which of the following countermeasures allows developers to protect PL/SQL code from SQL injection attacks? 1. Maximize user inputs to dynamic SQL 2. Always use single quotes 3. Never sanitize user inputs before including them in dynamic SQL statements 4. Make use of bind parameters in dynamic SQL

4. Make use of bind parameters in dynamic SQL

Which of the following system tables does *MS SQL Server database* use to store *metadata*? Hackers can use this system table to acquire database schema information to further compromise the database. 1. sysdbs 2. syscells 3. sysrows 4. sysobjects

4. sysobjects

What is a *blind/inferential SQL injection*?

A SQL injection attack in which the web application either *returns no errors* or *returns a generic web page that doesn't indicate errors*. This type of attack is *time intensive for the attacker*

What is *system stored procedure SQL injection*?

An attacker *exploits the databases' stored procedures*

What is *illegal/logically incorrect query SQL injection*?

An attacker *sends an incorrect query to the database intentionally* to generate an error message that may be helpful in performing further attacks

What is a *piggybacked query SQL injection*?

An attacker injects (appends) an additional malicious query into/onto the original query and both queries are executed

What is an *inline comments SQL injection*?

An attacker integrates multiple vulnerable inputs into a single query using inline comments

What is *error-based* or *illegal/logically incorrect query* *SQL injection*?

An attacker intentionally *inserts bad input* into an application and analyzing the resultant *database errors* to *disclose valuable information*

What is the *heavy query* *blind/inferential SQL injection* technique?

An attacker sends a "heavy" CPU intensive SQL statement to the target and assesses how long it takes them to respond to determine the presence of a SQL injection vulnerability

What is *boolean exploitation blind/inferential SQL injection*?

An attacker sends multiple valid SQL statements that evaluate to true and false and notes the response in the web page to determine the presence of a SQL injection vulnerability

What is *union-based SQL injection*?

An attacker uses a UNION clause to add a malicious query to the requested query

What is the IDS evasion technique that can be used to inject SQL statements into MySQL databases without using double quotes?

CHAR()

What is the SQL injection attack in which an attacker injects statements that are always true so that the queries always return results after evaluating the WHERE condition

Tautology SQL injection

The following query is used to ______________ from a ___________ server. SELECT name FROM syscolumns WHERE id = (SELECT id from sysobjects WHERE name = 'tablename')

perform column enumeration MSSQL

What operator is used for string concatenation in an Oracle database?

||


Related study sets

human structure and movement: knees

View Set

Chapter 16: Disorders of Brain Function

View Set

Entrepreneurship Chapters 10-12 and 1-4

View Set

EXAM 2 Chapter 49 PrepU - Hepatic

View Set

Retirement Planning: Investment Considerations for Retirement Plans (Module 6)

View Set

Introduction to Sociology Ch 15 Questions

View Set

Chapter 1: The Sociological Perspective

View Set

World history Unit 5 test review

View Set