5-Exploitation Flashcards
1-Database Enumeration 2-Reading Files 3-Writing Files
What is the primary purpose of database fingerprinting in the context of SQL injections?
A) To determine the best database for the application.
B) To identify the type of database management system (DBMS) being used.
C) To optimize the database’s performance.
D) To repair corrupted database files.
B) To identify the type of database management system (DBMS) being used.
Explanation: Database fingerprinting in SQL injections is used to identify the type of DBMS to tailor the injection techniques and queries accordingly.
Which SQL query can be used to determine if the database is MySQL or MariaDB?
A) SELECT @@version
B) SELECT DATABASE()
C) SELECT * FROM users
D) UPDATE SET version = ‘new’
A) SELECT @@version
Explanation: The SELECT @@version query returns the version of the DBMS, which helps in identifying whether it’s MySQL, MariaDB, or another type.
How does the INFORMATION_SCHEMA database assist in SQL injections?
A) It stores user data such as passwords.
B) It contains metadata about the database’s structure, such as tables and columns.
C) It encrypts data to prevent SQL injection.
D) It logs SQL injection attempts.
B) It contains metadata about the database’s structure, such as tables and columns.
Explanation: The INFORMATION_SCHEMA database is critical in SQL injections for gathering metadata about the database’s structure, including tables and columns, which facilitates data extraction.
What does the SCHEMATA table in the INFORMATION_SCHEMA database provide?
A) Information about user privileges.
B) Details about stored procedures.
C) Names of all databases on the server.
D) The history of all database transactions.
C) Names of all databases on the server.
Explanation: The SCHEMATA table contains information about all databases present on the server, useful for targeting specific databases in SQL injection attacks.
What is indicated by an error message when using the ORDER BY clause in SQL injection?
A) The database is fully secured against injections.
B) There are no more columns beyond the point that triggered the error.
C) The SQL query is fully optimized.
D) All columns are accessible without restrictions.
B) There are no more columns beyond the point that triggered the error.
Explanation: An error in SQL injection using the ORDER BY clause indicates that there are no columns beyond the number specified, revealing the total number of columns in the table.
What is the significance of using a UNION SELECT query in SQL injections?
A) To update data in the database.
B) To delete data from the database.
C) To extract data from multiple tables or columns together.
D) To create new tables in the database.
C) To extract data from multiple tables or columns together.
Explanation: UNION SELECT queries in SQL injections are significant for combining data from multiple tables or columns into a single query result, aiding in data exfiltration.
Why might you use the database() SQL function in an SQL injection?
A) To delete the current database.
B) To determine the name of the currently used database.
C) To list all users in the database.
D) To reset the database to its default settings.
B) To determine the name of the currently used database.
Explanation: The database() function is used in SQL injections to determine the name of the database currently in use, which is crucial for crafting precise SQL queries.
In SQL injection, why is it important to know which columns are displayed on a webpage?
A) To ensure that injected queries produce visible results.
B) To increase the speed of the database response.
C) To prevent the database from logging injection attempts.
D) To encrypt the output of injected queries.
A) To ensure that injected queries produce visible results.
Explanation: Knowing which columns are displayed is crucial in SQL injection to ensure that the results of injected queries are visible on the webpage, confirming the success of the injection.
What role does the TABLES table in the INFORMATION_SCHEMA database play in SQL injection?
A) It provides information about all tables in the database.
B) It stores backup copies of all tables.
C) It logs changes made to table structures.
D) It restricts access to confidential tables.
A) It provides information about all tables in the database.
Explanation: The TABLES table is used in SQL injections to obtain information about all tables within a database, helping attackers target specific tables for data extraction.
How can the COLUMNS table in the INFORMATION_SCHEMA database aid an attacker performing SQL injection?
A) By revealing the names of all columns in a specific table.
B) By encrypting column names to protect against SQL injection.
C) By limiting the number of columns an attacker can query.
D) By tracking the changes made to column data.
A) By revealing the names of all columns in a specific table.
Explanation: The COLUMNS table is crucial for SQL injections as it reveals the names of all columns within a table, enabling precise targeting of data retrieval queries.
What SQL function is used to read files from the server’s file system in MySQL?
A) READ_FILE()
B) LOAD_FILE()
C) GET_FILE()
D) FETCH_FILE()
B) LOAD_FILE()
Explanation: The LOAD_FILE() function in MySQL and MariaDB is used to read data from files located on the server’s file system.
What privilege must a database user have to use the LOAD_FILE() function in MySQL?
A) EXECUTE
B) CREATE
C) FILE
D) ADMIN
C) FILE
Explanation: To use the LOAD_FILE() function, the database user must have the FILE privilege, which allows reading from and writing to files on the server.
Which SQL command can be used to determine the current database user’s privileges?
A) SHOW GRANTS
B) SHOW PRIVILEGES
C) LIST PRIVILEGES
D) DISPLAY GRANTS
A) SHOW GRANTS
Explanation: The SHOW GRANTS command is used to display the privileges granted to the current database user, which is essential for determining what actions the user can perform, including file reading.
How can you determine the current user in a MySQL database?
A) SELECT USER()
B) SELECT CURRENT_USER
C) USER_LIST()
D) GET_USER()
A) SELECT USER()
Explanation: The SELECT USER() function is used to determine the current user in a MySQL database, which is crucial for assessing the user’s privileges.
Why is it important to check if a database user has superuser privileges when performing SQL injection?
A) Superuser privileges allow the user to modify database settings.
B) Superuser privileges may restrict file access.
C) Superuser privileges include the ability to read and write files.
D) Superuser privileges prevent the user from executing SQL queries.
C) Superuser privileges include the ability to read and write files.
Explanation: Having superuser privileges often means the user has extensive access rights, including the ability to read and write files on the server, which is vital for exploiting SQL injection fully.
What does a successful output of SELECT LOAD_FILE(‘/etc/passwd’); indicate?
A) The server is secure.
B) The file /etc/passwd does not exist.
C) The database user has sufficient privileges to read the file.
D) The database has been compromised.
C) The database user has sufficient privileges to read the file.
Explanation: A successful output from this command indicates that the database user has enough privileges to read the /etc/passwd file, which contains sensitive information about system users.
What type of SQL injection uses the LOAD_FILE() function?
A) Blind SQL Injection
B) Error-based SQL Injection
C) Union-based SQL Injection
D) Time-based SQL Injection
C) Union-based SQL Injection
Explanation: Union-based SQL Injection can utilize the LOAD_FILE() function to read files and merge this data with data from other queries, displaying it as part of the web application’s output.
What is a common limitation when using the LOAD_FILE() function in SQL injections?
A) It can only read text files.
B) It requires the file path to be known.
C) It can decrypt encrypted files.
D) It can only read files created by the database user.
B) It requires the file path to be known.
Explanation: A significant limitation of the LOAD_FILE() function is that the full path of the file must be known beforehand, which can be a barrier unless the path is guessed or obtained from another source.
What potential security risk does reading files via SQL injection pose?
A) It may slow down the database.
B) It might expose sensitive data stored in files.
C) It can only show outdated data.
D) It exposes the data to other databases.
B) It might expose sensitive data stored in files.
Explanation: Reading files via SQL injection poses a severe security risk as it can expose sensitive data stored in files, such as passwords, configuration files, or even proprietary data.
How can you enhance the security of a database to prevent the use of functions like LOAD_FILE()?
A) Remove all file permissions from database users.
B) Grant FILE privilege to all users.
C) Regularly change the paths of important files.
D) Encrypt all files on the server.
A) Remove all file permissions from database users.
Explanation: Enhancing database security to prevent unauthorized file access includes removing the FILE privilege from all non-administrative database users, thereby restricting their ability to read and write files on the server.
What privilege is required for a user to write files on a MySQL database server?
A) READ
B) WRITE
C) FILE
D) ADMIN
C) FILE
Explanation: The FILE privilege is necessary for a user to write files on a MySQL database server, as it allows the user to read and write files on the server’s file system.
What does the MySQL secure_file_priv variable control?
A) The encryption level for stored files
B) The directory from which files can be read and written
C) The size limit of files that can be stored in the database
D) The backup schedule for database files
B) The directory from which files can be read and written
Explanation: The secure_file_priv variable specifies a directory from which MySQL can read files and into which files can be written, serving as a security measure to limit file access.
What SQL statement is used to write query results into a file in MySQL?
A) WRITE TO FILE
B) EXPORT TO FILE
C) SELECT INTO OUTFILE
D) SAVE AS FILE
C) SELECT INTO OUTFILE
Explanation: The SELECT INTO OUTFILE statement in MySQL is used to write the results of a query directly into a file on the server’s file system.
Why might a DBA disable the FILE privilege in a MySQL environment?
A) To improve query performance
B) To reduce storage use
C) To prevent unauthorized file access and modification
D) To comply with data encryption standards
C) To prevent unauthorized file access and modification
Explanation: Disabling the FILE privilege is a security measure to prevent unauthorized users from reading from or writing to the server’s file system, thus protecting against certain types of SQL injection attacks.
