Eccouncil Exam 312-50 Topic 15 Question 93 Discussion

Actual exam question for Eccouncil's 312-50 exam
Question #: 93
Topic #: 15

As a cybersecurity professional, you are responsible for securing a high-traffic web application that uses MySQL as its backend database. Recently, there has been a surge of unauthorized login attempts, and you suspect that a seasoned black-hat hacker is behind them. This hacker has shown proficiency in SQL Injection and appears to be using the 'UNION' SQL keyword to trick the login process into returning additional data.

However, your application's security measures include filtering special characters in user inputs, a method usually effective against such attacks. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, which strategy is he most likely to employ?

A) The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database
B) The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure
C) The hacker switches tactics and resorts to a 'time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay
D) The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries

Suggested Answer: D

SQL Injection is an attack that exploits a web application which builds SQL statements by splicing unvalidated user input into the query text. The attacker places SQL syntax in an input such as a login form field, and the database server executes it as part of the application's own query. Depending on the database and the privileges of the application account, this can allow the attacker to read, modify or delete data, or to execute commands on the database server.

The 'UNION' SQL keyword is often used in SQL Injection attacks to combine the results of two or more SELECT statements into a single result set. This lets the attacker pull rows from tables or columns the application never meant to display, provided the appended SELECT returns the same number of columns (with compatible types) as the original one. For example, if the application builds its credential check by concatenating user input into the query:

SELECT * FROM users WHERE username = '$username' AND password = '$password'

the attacker can supply a username that closes the string literal and appends a 'UNION' query, such as:

' OR 1 = 1 UNION SELECT * FROM credit_cards --

This results in the following query being executed by the database server:

SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

The first SELECT now matches every user because 'OR 1 = 1' is always true, and the second SELECT appends the contents of the credit_cards table (SELECT * only works here if credit_cards has as many columns as users; otherwise the attacker first enumerates the column count and selects a matching number of columns). The '--' marks the rest of the line as a comment, so the password check is discarded. Note that MySQL only treats '--' as a comment start when it is followed by whitespace, so a payload aimed at MySQL ends with '-- ' (trailing space) or uses '#' instead. The attacker then reads the credit card data out of the application's response.

However, some web applications implement security measures to prevent SQL Injection attacks, such as filtering or escaping special characters in user inputs. Special characters are symbols that have a special meaning in SQL, such as quotes, semicolons, dashes, etc. By filtering or escaping these characters, the application stops user input from being interpreted as SQL code. For example, if the application replaces each single quote with two single quotes (the standard SQL escape), the previous injection attempt fails, because the query becomes:

SELECT * FROM users WHERE username = ''' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

The doubled quote is read as a literal quote character inside the string, so the entire payload is now just an unusual username value being compared against the users table. The query is still valid SQL; it simply matches no row, and the 'UNION' and '--' never reach the parser as SQL syntax.

In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, the strategy he is most likely to employ is to bypass the special character filter by encoding his malicious input. Encoding transforms the payload into another representation, such as URL (percent) encoding, hexadecimal, base64 or double encoding, so that the characters the filter looks for are not present in the form it inspects. For example, URL-encoding the previous payload gives:

%27%20OR%201%20%3D%201%20UNION%20SELECT%20*%20FROM%20credit_cards%20--

If the filter inspects this encoded form, it finds no quote, space or dash to strip, and once the application decodes the input the database server executes:

SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

which returns the credit card information just as in the unfiltered case.

The caveat a practitioner should keep in mind is that this only works when decoding happens after filtering. Web servers and frameworks normally URL-decode request parameters before the application sees them, so a filter applied to the decoded value catches the quote regardless of how it was sent. Encoding therefore defeats the filter when the check runs on the raw request (a WAF rule or a regex over the query string), when the application decodes the value a second time (the attacker then sends %2527, which survives the first decode as %27), or when the attacker uses a representation the database itself decodes, such as a MySQL hexadecimal literal (0x...) or CHAR(...) in place of a quoted string, which contains none of the filtered characters at all.

Therefore, the hacker is most likely to employ the strategy of bypassing the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.
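The three situations above (the unfiltered UNION injection, the quote-doubling escape, and an encoded payload against a filter that runs either before or after decoding) can be reproduced in a few lines. The following Python script is an added example for this page, not code from the exam or from any referenced source. It uses an in-memory SQLite database as a stand-in for MySQL (the one syntactic difference that matters, the space MySQL requires after '--', is noted in a comment), and the users and credit_cards tables, their rows and the card number are constructed for the demo:

```python
import sqlite3
import urllib.parse

# Constructed demo schema (not from the original page). SQLite stands in for MySQL.
# Both tables get the same column count on purpose: UNION is only legal when the
# column counts (and compatible types) of the two SELECTs line up.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice', 'correct horse');
        CREATE TABLE credit_cards (id INTEGER, holder TEXT, pan TEXT);
        INSERT INTO credit_cards VALUES (7, 'alice', '4111111111111111');
    """)
    return con

# The login payload from the answer. SQLite treats "--" as a comment to end of
# line; MySQL needs whitespace after "--" (or "#"), so the payload ends in "-- ".
PAYLOAD = "' OR 1 = 1 UNION SELECT * FROM credit_cards -- "
ENCODED = urllib.parse.quote(PAYLOAD, safe="")          # %27%20OR%201%20%3D...
DOUBLE_ENCODED = urllib.parse.quote(ENCODED, safe="")   # %2527%2520OR...

def build_query(username, password):
    """The vulnerable pattern from the answer: values spliced into the SQL text."""
    return f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"

def escape_quotes(s):
    """The 'filter' the answer describes: every single quote becomes two."""
    return s.replace("'", "''")

def run(con, username, password="x"):
    """Execute the concatenated query; return rows, or ('error', msg) on a SQL error."""
    try:
        return con.execute(build_query(username, password)).fetchall()
    except sqlite3.Error as exc:
        return ("error", str(exc))

def leaks_card(rows):
    """True if any returned row carries the constructed card number."""
    return isinstance(rows, list) and any("4111111111111111" in map(str, r) for r in rows)

# Scenario 1: no filter at all. The UNION appends the credit_cards rows.
def no_filter(con):
    return run(con, PAYLOAD)

# Scenario 2: the filter runs on the decoded input (the framework has already turned
# %27 back into a quote). The payload becomes one string literal; the query stays
# syntactically valid and matches nothing.
def decode_then_filter(con, raw=ENCODED):
    return run(con, escape_quotes(urllib.parse.unquote(raw)))

# Scenario 3: the filter runs on the still-encoded text and decoding happens after.
# The filter sees no quote, the decode restores it, and the injection goes through.
# This is the case in which encoding the input (answer D) defeats the filter.
def filter_then_decode(con, raw=ENCODED):
    return run(con, urllib.parse.unquote(escape_quotes(raw)))

# Scenario 4: double encoding. The filter sees %2527; the first decode (web server)
# yields %27, which passes the quote check; the application's own decode yields "'".
def filter_then_double_decode(con, raw=DOUBLE_ENCODED):
    once = urllib.parse.unquote(escape_quotes(raw))
    return run(con, urllib.parse.unquote(once))

# The fix: a parameterised query. The payload is bound as data and never parsed as
# SQL, whatever encoding it arrived in.
def safe_login(con, username, password="x"):
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    scenarios = [("no filter", no_filter), ("decode then filter", decode_then_filter),
                 ("filter then decode", filter_then_decode),
                 ("filter then double decode", filter_then_double_decode)]
    for name, fn in scenarios:
        print(f"{name:26s} leaks card: {leaks_card(fn(db))}")
    print(f"{'parameterised query':26s} leaks card: {leaks_card(safe_login(db, PAYLOAD))}")
```

Running the script shows that only the unfiltered case and the two filter-before-decode paths leak the card number. Filtering the decoded value neutralises the payload without any syntax error, and the parameterised query neutralises it regardless of encoding, which is why parameterised queries, not character filters, are the actual fix for the application described in the question.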


Contribute your Thoughts:

Venita
3 months ago
Haha, dropping the table? Are you kidding me? That's like bringing a bazooka to a knife fight. Far too obvious, don't you think?
upvoted 0 times
Ammie
3 months ago
I don't know, man. If I were the hacker, I'd just try to drop the whole table. That'll really show 'em who's boss!
upvoted 0 times
Clorinda
2 months ago
C) The hacker switches tactics and resorts to a 'time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay
upvoted 0 times
Shanda
2 months ago
B) The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure
upvoted 0 times
Roxanne
2 months ago
A) The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database
upvoted 0 times
Odette
3 months ago
Ooh, this is a tricky one. But I'm betting the hacker will try to manipulate the 'UNION' keyword to trigger a database error. Gotta love those juicy database details!
upvoted 0 times
Broderick
2 months ago
The hacker might attempt to bypass the special character filter by encoding his input.
upvoted 0 times
Alba
2 months ago
I believe the hacker will try to manipulate the 'UNION' keyword to reveal database structure.
upvoted 0 times
Judy
2 months ago
I think the hacker might go for a 'DROP TABLE' statement to cause some serious damage.
upvoted 0 times
Gianna
3 months ago
Interesting question. I reckon the hacker would go for the 'time-based blind' SQL Injection attack. Forcing the app to delay its response could reveal some juicy details about the database structure.
upvoted 0 times
Elbert
3 months ago
Hmm, I think the hacker would most likely try to bypass the special character filter by encoding his malicious input. That seems like the most logical approach given the information provided.
upvoted 0 times
Milly
2 months ago
D) The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries
upvoted 0 times
Shayne
2 months ago
B) The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure
upvoted 0 times
King
3 months ago
A) The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database
upvoted 0 times
Ressie
3 months ago
I'm not so sure; I think the hacker might go for option B to trigger a database error and reveal information about the database.
upvoted 0 times
Glory
3 months ago
I agree with Micheline, option D seems like a plausible strategy for the hacker to exploit the vulnerability.
upvoted 0 times
Micheline
3 months ago
I think the hacker might try option D, encoding his input to bypass the filter.
upvoted 0 times