Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines
to create or alter SQL commands to gain access to private data or execute commands in the
database. What technique does Jimmy use to compromise a database?
A.
Jimmy can submit user input that executes an operating system command to compromise a
target system
B.
Jimmy can gain control of system to flood the target system with requests,preventing legitimate
users from gaining access
C.
Jimmy can utilize an incorrect configuration that leads to access with higher-than expected
privilege of the database
D.
Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate
a target system
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system.
D
D is a better answer.
I know A is “command injection.” But the description is ambiguous.
We can also take advantage of SQL injection to “submit user input that executes an operating system command to compromise a target system.”
If an attacker knows an exploit there is no argument worth challenging what an attacker knows, knowing full well an attacker attacks with what an attacker knows to use.