What attack is commonly used to gain unauthorized access to a database?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

What attack is commonly used to gain unauthorized access to a database?

Explanation:
SQL injection attacks exploit insecure input handling to alter the database query that a web application builds from user input, allowing unauthorized access or data extraction. When an application constructs SQL statements by directly concatenating user input without proper validation or parameterization, an attacker can inject SQL fragments that change the query’s logic, such as bypassing authentication or pulling data from tables. For example, supplying crafted input in a login form can convert a normal query into one that always evaluates to true, granting access. Preventing this relies on parameterized queries or prepared statements, strict input validation, and least-privilege database accounts.
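
The difference between a concatenated and a parameterized login query, as an added example that is not part of the original page. The table layout, function names and sample account are assumptions made for illustration, and the plaintext password column exists only to keep the sample short.

```python
import sqlite3


def make_db():
    """In-memory database holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct-horse"))
    return db


def login_concatenated(db, name, password):
    """Vulnerable form: user input becomes part of the SQL text itself."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Hardened form: the statement is fixed and input is bound as data."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0


# Constructed input: a password value that closes the string literal and
# appends a condition that is always true.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query's WHERE clause now ends in OR '1'='1',
    # so it matches every row regardless of the stored password.
    print("concatenated :", login_concatenated(db, "alice", TAUTOLOGY))
    # The bound parameter is compared literally against the stored value.
    print("parameterized:", login_parameterized(db, "alice", TAUTOLOGY))
    # A legitimate name containing a quote breaks the concatenated query
    # with a syntax error; such errors in application logs are a useful
    # signal that a query is being assembled from raw input.
    try:
        login_concatenated(db, "o'brien", "pw")
    except sqlite3.OperationalError as exc:
        print("concatenated with o'brien fails:", exc)
    print("parameterized with o'brien:", login_parameterized(db, "o'brien", "pw"))
```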

Cross-Site Scripting focuses on injecting scripts into webpages to run in other users’ browsers, not on directly accessing the database. A buffer overflow aims at memory corruption to execute arbitrary code on a system, which is a broader attack vector but not specifically a database-access technique. Phishing targets people to steal credentials through deception, not by manipulating database queries.
