SQL injection attacks are becoming significantly more popular amongst hackers and there
has been an estimated 69 percent increase of this attack type. This exploit is used to great
effect by the hacking community since it is the primary way to steal sensitive data from web
applications. It takes advantage of non-validated input vulnerabilities to pass SQL
commands through a web application for execution by a backend database. The below
diagram shows how attackers launched SQL injection attacks on web applications.
Which of the following can the attacker use to launch an SQL injection attack?
A. Blah’ “2=2 –“
B. Blah’ and 2=2 —
C. Blah’ and 1=1 —
D. Blah’ or 1=1 —
“D” ECSAv8 pg. 604
In the ECSA exam, D is the correct answer.
However, B and C can be used to detect “boolean-based” SQL injection.