4-SQL Injections Flashcards

1-Intro to SQL Injections 2-Subverting Query Logic 3-Using Comments 4-Union Clause 5-Union Injection

1
Q

What is SQL Injection?
A) A type of network attack that disrupts database connections
B) A security measure to prevent unauthorized database access
C) A technique used to attack data-driven applications by inserting malicious SQL statements into execution fields
D) A method of optimizing SQL queries to improve performance

A

C) A technique used to attack data-driven applications by inserting malicious SQL statements into execution fields

Explanation: SQL Injection is a technique where an attacker injects malicious SQL statements into the execution fields of a data-driven application, which can manipulate or steal data.

2
Q

How can SQL Injection occur in web applications?
A) By properly sanitizing user inputs
B) By using parameterized queries
C) By directly including unsanitized user input in SQL queries
D) By restricting database user privileges

A

C) By directly including unsanitized user input in SQL queries

Explanation: SQL Injection typically occurs when user input is included directly in SQL queries without proper sanitization, allowing attackers to manipulate the queries.

3
Q

What is the primary defense against SQL Injection?
A) Implementing strict network access controls
B) Using complex SQL commands
C) Sanitizing and validating all user inputs
D) Increasing the number of database administrators

A

C) Sanitizing and validating all user inputs

Explanation: The primary defense against SQL Injection is sanitizing and validating all user inputs to ensure that they do not contain malicious SQL.

4
Q

Which PHP function demonstrates a vulnerable way to handle user input for SQL queries?
A) mysqli_real_escape_string()
B) prepare()
C) query() with direct user input concatenation
D) bindParam()

A

C) query() with direct user input concatenation

Explanation: Using the query() function with direct concatenation of user inputs, as shown in the document, demonstrates a vulnerable approach that can lead to SQL Injection.

5
Q

What does the following PHP code snippet indicate about SQL Injection risk?
~~~
$query = "SELECT * FROM users WHERE username = '" . $username . "'";
~~~
A) It is secure against SQL Injection because it uses single quotes.
B) It is vulnerable to SQL Injection if $username is not properly sanitized.
C) It is only vulnerable to XSS attacks, not SQL Injection.
D) It is safe as long as the database uses encryption.

A

B) It is vulnerable to SQL Injection if $username is not properly sanitized.

Explanation: The code snippet is vulnerable to SQL Injection if the variable $username is not properly sanitized, as it directly includes user input in the SQL query.

6
Q

What type of SQL Injection involves errors displayed by the database to help the attacker?
A) Union-based SQL Injection
B) Error-based SQL Injection
C) Blind SQL Injection
D) Time-based SQL Injection

A

B) Error-based SQL Injection

Explanation: Error-based SQL Injection exploits error messages from the database to gather information about its structure, which can be used by the attacker.

7
Q

How can an attacker use the SQL UNION operator in an SQL Injection attack?
A) To delete data from the database
B) To modify database permissions
C) To combine results of two queries into a single result set
D) To perform a denial of service attack

A

C) To combine results of two queries into a single result set

Explanation: In an SQL Injection attack, the UNION operator can be used to combine the results of two distinct queries into a single result set, potentially disclosing sensitive data.

8
Q

What is Blind SQL Injection?
A) An attack that is immediately visible to the database administrator
B) An attack that uses boolean conditions to infer data from the database
C) An attack that directly reveals database errors
D) An attack that involves direct interaction with the database’s physical server

A

B) An attack that uses boolean conditions to infer data from the database

Explanation: Blind SQL Injection involves crafting SQL queries that return true or false results based on boolean conditions, allowing the attacker to infer data without directly seeing it.

9
Q

What is the purpose of the LIKE SQL operator in an injection attack?
A) To update data in the database
B) To format retrieved data
C) To search for a specific pattern in column data
D) To encrypt data

A

C) To search for a specific pattern in column data

Explanation: In SQL Injection, the LIKE operator can be used to search for data that matches a specific pattern, which can be exploited to extract information.

10
Q

Which SQL Injection method involves delaying the response from the database?
A) Union-based SQL Injection
B) Error-based SQL Injection
C) Blind SQL Injection
D) Time-based SQL Injection

A

D) Time-based SQL Injection

Explanation: Time-based SQL Injection involves queries that delay the database response, using functions like SLEEP(), to infer information based on the response time.

11
Q

What is the goal of subverting query logic in the context of SQL injection?
A) To speed up database performance
B) To bypass web application security mechanisms
C) To enhance database encryption
D) To create more efficient SQL queries

A

B) To bypass web application security mechanisms

Explanation: Subverting query logic in SQL injection aims to bypass security mechanisms, often to gain unauthorized access or retrieve sensitive data from a web application.

12
Q

How can the SQL OR operator be used to bypass authentication?
A) By making the query return false regardless of input
B) By ensuring both conditions must be true for the query to return true
C) By allowing the query to return true if at least one of the conditions is true
D) By making the query dependent on user input only

A

C) By allowing the query to return true if at least one of the conditions is true

Explanation: The OR operator can bypass authentication by allowing the query to return true if at least one condition is true, which can be manipulated by SQL injection to always be true.

13
Q

What is the typical result when an SQL query includes an incorrect number of quotes due to injection?
A) The query runs faster
B) The database automatically corrects the syntax
C) It leads to a syntax error in the SQL query
D) It optimizes the query’s execution plan

A

C) It leads to a syntax error in the SQL query

Explanation: An incorrect number of quotes in an SQL query due to injection often results in a syntax error, which can indicate to an attacker that the input is being processed in the query.

14
Q

What does the SQL injection payload admin' OR '1'='1 aim to achieve?
A) It restricts the query results to the admin user only
B) It deletes the admin user from the database
C) It allows the query to always return true, bypassing authentication
D) It encrypts the communication between the client and server

A

C) It allows the query to always return true, bypassing authentication

Explanation: The payload admin' OR '1'='1 is designed to make the SQL query always return true, effectively bypassing authentication by subverting the query logic.

15
Q

What might a successful SQL injection indicate about the web application’s security?
A) High level of encryption
B) Robust error handling
C) Insufficient input sanitization
D) Strong user authentication mechanisms

A

C) Insufficient input sanitization

Explanation: A successful SQL injection typically indicates insufficient input sanitization, allowing attackers to inject malicious SQL into the application.

16
Q

In SQL injection, what is the purpose of using comments (-- or #)?
A) To annotate the SQL code for better readability
B) To deactivate certain parts of the SQL query to manipulate its logic
C) To encrypt the remainder of the SQL query
D) To increase the execution speed of the query

A

B) To deactivate certain parts of the SQL query to manipulate its logic

Explanation: In SQL injection, comments are used to deactivate parts of the SQL query to manipulate its logic and bypass security measures, such as authentication.

17
Q

Which SQL operator is crucial for performing an authentication bypass during an SQL injection attack?
A) AND
B) OR
C) NOT
D) LIKE

A

B) OR

Explanation: The OR operator is crucial in SQL injection attacks for performing authentication bypasses, as it allows parts of the SQL query to return true, potentially ignoring other conditions.

18
Q

What character is commonly injected into SQL queries to disrupt their structure?
A) *
B) %
C) #
D) ' (single quote)

A

D) ' (single quote)

Explanation: The single quote (') is commonly injected into SQL queries to disrupt their structure by prematurely terminating text strings, leading to syntax errors or altered query logic.

19
Q

What type of SQL injection involves adding SQL code after a valid input?
A) Tautology-based SQL injection
B) Union-based SQL injection
C) Piggy-backed SQL injection
D) Inference-based SQL injection

A

C) Piggy-backed SQL injection

Explanation: Piggy-backed SQL injection involves adding additional SQL statements or code after a valid input to execute unauthorized commands or bypass security.

20
Q

What method is described by injecting 1'='1 into a SQL query?
A) Length-based SQL injection
B) Performance-based SQL injection
C) Tautology-based SQL injection
D) Encryption-based SQL injection

A

C) Tautology-based SQL injection

Explanation: Injecting 1'='1 is a method of tautology-based SQL injection where the injection forces the query to always evaluate to true, subverting its logic.

21
Q

What is the primary use of comments in SQL queries?
A) To increase the execution speed of queries
B) To document the code or disable certain parts of the query
C) To format the output of the query
D) To connect to the database

A

B) To document the code or disable certain parts of the query

Explanation: In SQL, comments are used to document the code or to disable certain parts of the query, which can be exploited in SQL injection to ignore parts of the SQL command.

22
Q

How can the comment -- be used to facilitate an SQL injection attack?
A) By encrypting malicious SQL code
B) By making the query case-sensitive
C) By ending the query prematurely to ignore subsequent conditions
D) By concatenating queries

A

C) By ending the query prematurely to ignore subsequent conditions

Explanation: The -- comment in SQL is used to make the database ignore the rest of the query, effectively allowing attackers to end queries prematurely and manipulate query logic for unauthorized actions.

23
Q

Which SQL comment symbol requires a space after the dashes to be recognized as a comment?
A) /* */
B) --
C) #
D) -- -

A

B) --

Explanation: In SQL, the -- comment symbol must be followed by at least one whitespace character to be recognized as a comment.

24
Q

In the context of SQL injection, what is the purpose of injecting admin'-- into a username field?
A) To delete the admin user from the database
B) To update the admin’s password
C) To bypass authentication checks by commenting out the rest of the SQL command
D) To lock the admin account

A

C) To bypass authentication checks by commenting out the rest of the SQL command

Explanation: Injecting admin'-- into a username field during SQL injection is used to comment out the remainder of the SQL command, effectively bypassing password checks and other conditions.

25
Q

What might indicate that a web application’s login form is vulnerable to SQL injection using comments?
A) The form accepts usernames without special characters
B) The form returns generic error messages
C) The form crashes or shows database errors when input includes comment syntax like --
D) The form requires both a username and a password

A

C) The form crashes or shows database errors when input includes comment syntax like --

Explanation: If entering SQL comment syntax like -- into a form results in database errors or unusual behaviors, it might indicate that the application is vulnerable to SQL injection.

26
Q

Why is the URL-encoded comment symbol %23 necessary in some SQL injection attacks?
A) To bypass URL parsers that treat # as a fragment identifier
B) To increase the length of the query for buffer overflow
C) To enable multi-threaded query execution
D) To encode the query for secure transmission over the network

A

A) To bypass URL parsers that treat # as a fragment identifier

Explanation: The URL-encoded symbol %23 is used for # in SQL injections within URLs because the # symbol is interpreted by browsers as a fragment identifier, and not passed to the server.

27
Q

What happens when a query is injected with admin'-- and there is no closing parenthesis in the original SQL command?
A) The query will automatically close any open parentheses
B) The query will fail due to a syntax error
C) The query will ignore the lack of a closing parenthesis
D) The query will correct itself by adding necessary syntax

A

B) The query will fail due to a syntax error

Explanation: If a query injected with admin'-- lacks a closing parenthesis needed by the original syntax, it will result in a syntax error because the structure of the command is broken.

28
Q

What SQL comment type is not commonly used in SQL injections and why?
A) Line comments (--), because they are too conspicuous
B) Block comments (/* */), because they are not supported in all databases
C) Hash comments (#), because they are less effective at hiding subsequent SQL commands
D) In-line comments (/**/), because they can’t effectively disable parts of a query in most injection scenarios

A

D) In-line comments (/**/), because they can’t effectively disable parts of a query in most injection scenarios

Explanation: In-line comments (/**/) are not commonly used in SQL injections because they do not start and stop within the same line, making them less practical for disabling parts of a query.

29
Q

How can comments be used to bypass a login authentication that checks both username and password?
A) By injecting a comment after the username to ignore the password condition
B) By adding a comment to encrypt the password
C) By using a comment to split the query into two parts
D) By commenting out the username check to focus on the password

A

A) By injecting a comment after the username to ignore the password condition

Explanation: Injecting a comment after the username field in an SQL query can be used to ignore the password verification part of the query, effectively bypassing the authentication check.

30
Q

What does the injection of admin')-- aim to achieve in a query with parentheses?
A) To ensure the query only returns admin records
B) To cause a database error and reveal its structure
C) To close an open parenthesis and comment out the rest of the query for unauthorized access
D) To initiate a stored procedure

A

C) To close an open parenthesis and comment out the rest of the query for unauthorized access

Explanation: Injecting admin')-- closes an open parenthesis and uses comments to ignore the remainder of the query, manipulating the logic for unauthorized access, such as logging in without a valid password.

31
Q

What is the primary purpose of the SQL UNION clause?
A) To update data across multiple tables simultaneously
B) To delete records from multiple tables in one operation
C) To combine the results of two or more SELECT statements into a single result set
D) To compare the results of two or more SELECT statements

A

C) To combine the results of two or more SELECT statements into a single result set

Explanation: The UNION clause in SQL is used to combine the results of two or more SELECT statements into a single result set, including only distinct rows.

32
Q

What requirement must be met for the UNION clause to function correctly?
A) All SELECT statements within the UNION must have the same number of columns
B) All SELECT statements within the UNION must return the same data types
C) Both A and B
D) None of the above

A

C) Both A and B

Explanation: For the UNION clause to work, all SELECT statements within the UNION must have the same number of columns, and these columns must have compatible types.

33
Q

What happens if SELECT statements within a UNION have a different number of columns?
A) The SQL engine automatically adjusts the number of columns
B) An error is generated
C) The query executes but skips mismatched columns
D) Extra columns are filled with NULL values

A

B) An error is generated

Explanation: If SELECT statements within a UNION have different numbers of columns, the database will generate an error indicating that the SELECT statements have a different number of columns.

34
Q

How can the UNION clause be used in SQL injection attacks?
A) By deleting data from the database
B) By inserting new records into the database
C) By combining results from unauthorized queries with legitimate queries
D) By updating existing records without permission

A

C) By combining results from unauthorized queries with legitimate queries

Explanation: In SQL injection attacks, the UNION clause can be used to append unauthorized queries to legitimate queries, allowing attackers to retrieve additional data not intended for disclosure.

35
Q

What kind of data type issues might you encounter when using the UNION clause in SQL injections?
A) The data types in each column of the SELECT statements must match
B) Numeric data types cannot be combined with string data types
C) Date types must be converted to strings
D) All columns must be of integer type

A

A) The data types in each column of the SELECT statements must match

Explanation: When using the UNION clause, particularly in SQL injections, it’s crucial to ensure that the data types in each column of the combined SELECT statements are compatible to avoid errors.

36
Q

What is a practical use of the UNION clause in database management outside of SQL injection scenarios?
A) To optimize the database for faster querying
B) To combine similar data from different tables for reporting purposes
C) To enforce foreign key constraints across tables
D) To create new tables from existing ones

A

B) To combine similar data from different tables for reporting purposes

Explanation: A practical and legitimate use of the UNION clause is to combine similar data from different tables, which is particularly useful in reporting and data analysis.

37
Q

How can SQL comments (--) be used effectively with the UNION clause in an SQL injection attack?
A) To disable error messages
B) To add more conditions to the query
C) To comment out the rest of the original SQL query after the UNION injection
D) To separate columns in the SELECT statement

A

C) To comment out the rest of the original SQL query after the UNION injection

Explanation: In SQL injection attacks, comments (--) are often used after a UNION clause to comment out the remainder of the original SQL query, preventing it from interfering with the injected query.

38
Q

When dealing with SQL injections using UNION, why might you use placeholders like ‘junk’ or numeric values?
A) To ensure that the number of columns in injected queries matches those in the original query
B) To improve the readability of the SQL code
C) To secure the database from further injections
D) To comply with SQL syntax rules without adding meaningful data

A

A) To ensure that the number of columns in injected queries matches those in the original query

Explanation: In SQL injections, using placeholders such as ‘junk’ or numeric values ensures that the number of columns in the injected UNION query matches those in the original query, which is necessary for the query to execute successfully.

39
Q

What error message do you expect when the UNION clause is incorrectly used with SELECT statements that have mismatched column counts?
A) Syntax error
B) Data type mismatch error
C) Column count mismatch error
D) Permission denied error

A

C) Column count mismatch error

Explanation: If the UNION clause is used with SELECT statements that do not have the same number of columns, a column count mismatch error typically occurs.

40
Q

What is the consequence of successfully using a UNION query in an SQL injection?
A) The database will automatically shut down
B) Unauthorized database modifications
C) Exposure of data from unrelated tables
D) Increased database performance

A

C) Exposure of data from unrelated tables

Explanation: A successful UNION query in an SQL injection can expose data from unrelated tables, combining it with data from the original query, potentially leading to information disclosure.

41
Q

What is the primary purpose of using the UNION clause in SQL injections?
A) To delete data from the database
B) To combine results from multiple SELECT statements into a single output
C) To update records in the database
D) To create new tables in the database

A

B) To combine results from multiple SELECT statements into a single output

Explanation: The UNION clause is used in SQL injections primarily to combine results from multiple SELECT statements into a single output, which can be used to extract data from the database covertly.

42
Q

How can you determine the number of columns in a table using the ORDER BY clause in SQL injection?
A) By updating records until an error occurs
B) By incrementing the column number in the ORDER BY clause until an error is received
C) By deleting columns one by one
D) By listing all columns in the database

A

B) By incrementing the column number in the ORDER BY clause until an error is received

Explanation: In SQL injection, you can determine the number of columns by incrementally using the ORDER BY clause (e.g., ORDER BY 1, ORDER BY 2) until the database returns an error, indicating there are no more columns.

43
Q

What indicates a successful UNION injection?
A) The database returns an error
B) The application crashes
C) The combined results from the injected UNION query are displayed
D) The server becomes unresponsive

A

C) The combined results from the injected UNION query are displayed

Explanation: A successful UNION injection is indicated when the combined results from the injected UNION query are displayed, meaning the injection aligned the number of columns correctly and bypassed security filters.

44
Q

Why must the number of columns in the injected UNION query match the number of columns in the original query?
A) To prevent the database from crashing
B) To comply with SQL syntax rules and ensure the query executes
C) To speed up the query execution
D) To encrypt the data being extracted

A

B) To comply with SQL syntax rules and ensure the query executes

Explanation: The number of columns in the injected UNION query must match those in the original query to comply with SQL syntax rules, ensuring that the query executes without errors.

45
Q

What is the purpose of injecting “junk” data in a UNION query in SQL injections?
A) To fill columns that are necessary for syntax but not used for data extraction
B) To increase the security of the database
C) To clean up the database logs
D) To optimize the query performance

A

A) To fill columns that are necessary for syntax but not used for data extraction

Explanation: Injecting “junk” data in a UNION query during SQL injections is done to fill columns that are necessary to match the column count of the original query but are not used for extracting useful data.

46
Q

How can you identify which columns are displayed on a webpage when performing a UNION injection?
A) By causing a database error
B) By injecting sequential numbers or identifiable strings and observing which appear on the page
C) By deleting each column one at a time
D) By encrypting each column’s data

A

B) By injecting sequential numbers or identifiable strings and observing which appear on the page

Explanation: To identify which columns are displayed on a webpage during a UNION injection, inject sequential numbers or identifiable strings in each column and observe which ones appear on the page.

47
Q

What is a common error encountered when the number of columns in UNION injections does not match?
A) Timeout error
B) Syntax error due to column mismatch
C) Authentication error
D) Connection error

A

B) Syntax error due to column mismatch

Explanation: A common error in UNION injections when the column count does not match is a syntax error, specifically stating that the number of columns does not match between the SELECT statements.

48
Q

Why might an attacker use the @@version query in a UNION injection?
A) To delete the version number of the database
B) To update the version number of the database
C) To retrieve the version number of the database
D) To encrypt the version number of the database

A

C) To retrieve the version number of the database

Explanation: An attacker might use the @@version query in a UNION injection to retrieve and display the version number of the database, which can provide information useful for further attacks.

49
Q

What does it mean if a UNION injection displays data from the second column in the injected query?
A) The database does not support UNION injections
B) Only the second column is being displayed by the web application
C) The query is incorrectly formatted
D) All columns are being displayed

A

B) Only the second column is being displayed by the web application

Explanation: If data from the second column in the injected UNION query is displayed, it indicates that the web application is set to display the second column from the query results.

50
Q

What should be the next step if you successfully determine the number of columns using UNION injection?
A) Stop testing as the database is secure
B) Start extracting data by adjusting the UNION query to fetch data from different tables
C) Report the vulnerability to the database administrator
D) Encrypt the data in the database

A

B) Start extracting data by adjusting the UNION query to fetch data from different tables

Explanation: Once the number of columns is determined using UNION injection, the next step is to adjust the UNION query to fetch useful data from other tables in the database.