SQL & XML Injections Flashcards

1
Q

What are the 4 main SQL statements used to manipulate data?

A
  1. SELECT - read data
  2. INSERT - write new rows
  3. DELETE - remove rows
  4. UPDATE - overwrite (modify) existing rows
2
Q

What is Code Injection?

A

Insertion of additional data or code into an application through client-supplied input (for example a form field), so that the input is interpreted as part of a command or query rather than treated as plain data.

3
Q

On the exam, whenever you see input containing an apostrophe followed by a comparison such as ' OR 1=1, what should you immediately suspect?

A

A SQL injection attempt. The apostrophe closes the string literal in the query, and the comparison that follows is parsed as SQL and changes the logic of the WHERE clause.

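To see why the apostrophe-plus-equals pattern matters, here is an added example (not from the original flashcards) in Python with an in-memory SQLite table of constructed sample data: a login check that builds its query by string formatting is bypassed by the payload ' OR '1'='1 and by the comment payload alice'--, while the same check written as a parameterised query is not. The table, user row and function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table with one user (example data, not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def build_vulnerable_sql(username: str, password: str) -> str:
    # The query text is assembled by string formatting, so an apostrophe in
    # the input closes the literal and whatever follows is executed as SQL.
    return ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    return conn.execute(build_vulnerable_sql(username, password)).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the values travel separately from the statement,
    # so the apostrophe is just data and cannot change the query's structure.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"      # the apostrophe-plus-equals pattern from the card
    print(build_vulnerable_sql("alice", payload))
    # WHERE username = 'alice' AND password = '' OR '1'='1'  -> always true
    print("vulnerable:", login_vulnerable(db, "alice", payload))      # True
    print("comment:   ", login_vulnerable(db, "alice'--", "anything"))  # True
    print("safe:      ", login_safe(db, "alice", payload))            # False
```

The vulnerable query is printed so you can see the resulting SQL: the user's password is never compared at all once the OR clause is appended, and the -- payload simply comments the password check out of the statement.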
4
Q

What is an XML Injection?

A

XML (Extensible Markup Language) is used by web applications for authentication, authorization, and other kinds of data exchange.

An XML injection is an attack that supplies crafted XML, or XML metacharacters, in user input so that the document the application builds or parses is altered by the attacker, changing what the application reads or does.

5
Q

What is an XML Bomb?

A

Billion Laughs attack

An XML document whose DTD declares nested entities, each one made of many references to the previous one, so that a single reference in the body expands to an exponentially large string (ten levels of tenfold expansion gives a billion copies). Parsing it consumes memory on the host and can crash the parser or the host.

6
Q

What is an XML External Entity (XXE)?

A

An attack in which the submitted XML declares an external entity that references a local file or a URL (for example <!ENTITY xxe SYSTEM "file:///etc/passwd">). When the parser resolves the entity, the contents of that resource are pulled into the document and may be disclosed to the attacker, or the parser can be made to send requests to internal hosts.

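The two XML cards above (XML bomb and XXE) share one defensive idea: look at the DTD before handing the document to a parser. The following is an added example in Python, not code from the original flashcards. It builds the Billion Laughs payload for any depth and fan-out, computes how large a reference would expand to without actually expanding it, and screens a document for external entities, exponential expansion and recursive entities. The regular expressions are a deliberately simplified screen (double-quoted internal entities only), not a full XML parser; the payloads, the benign document and the function names are constructed for the demonstration.

```python
import re

# Simplified DTD screen (assumption: double-quoted entity values, as in the classic payloads).
INTERNAL_ENTITY = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
EXTERNAL_ENTITY = re.compile(r'<!ENTITY\s+%?\s*\w+\s+(?:SYSTEM|PUBLIC)\b', re.I)
ENTITY_REF = re.compile(r'&(\w+);')
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*(?:\[.*?\])?\s*>', re.S)


def billion_laughs(depth: int = 9, fanout: int = 10) -> str:
    """Build the Billion Laughs bomb: level i is `fanout` copies of level i-1.

    &lol<depth>; expands to fanout**depth copies of "lol" (3 * 10**9 bytes by default).
    """
    decls = ['<!ENTITY lol "lol">']
    prev = "lol"
    for i in range(1, depth + 1):
        decls.append('<!ENTITY lol%d "%s">' % (i, ("&%s;" % prev) * fanout))
        prev = "lol%d" % i
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n%s\n]>\n<lolz>&%s;</lolz>\n'
            % ("\n".join(decls), prev))


# Constructed XXE payload and a harmless document (example data, not from the page).
XXE = ('<?xml version="1.0"?>\n'
       '<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>\n'
       '<foo>&xxe;</foo>\n')
BENIGN = '<user><name>alice &amp; bob</name></user>'


def declared_entities(doc: str) -> dict:
    """Map of internal entity name -> replacement text found in the DTD."""
    return dict(INTERNAL_ENTITY.findall(doc))


def expanded_size(name: str, entities: dict, memo: dict, stack: tuple = ()) -> int:
    """Bytes that &name; would expand to, computed without building the string."""
    if name in stack:
        raise ValueError("recursive entity &%s;" % name)
    if name in memo:
        return memo[name]
    body = entities.get(name)
    if body is None:
        size = len(name) + 2                   # undeclared or predefined (&amp;): left as-is
    else:
        size = len(ENTITY_REF.sub("", body))   # literal text in the replacement
        for ref in ENTITY_REF.findall(body):   # plus every nested reference, fully expanded
            size += expanded_size(ref, entities, memo, stack + (name,))
    memo[name] = size
    return size


def check_xml(doc: str, max_amplification: int = 10) -> str:
    """Pre-parse screen: reject XXE, expansion bombs and recursive entities, else 'ok'."""
    if EXTERNAL_ENTITY.search(doc):
        return "reject: external entity (XXE)"
    entities = declared_entities(doc)
    body = DOCTYPE.sub("", doc)                # only references in the body get expanded
    memo = {}
    try:
        expanded = sum(expanded_size(r, entities, memo) for r in ENTITY_REF.findall(body))
    except ValueError as exc:
        return "reject: %s" % exc
    if expanded > max_amplification * len(doc):
        return "reject: entity expansion bomb (%d bytes)" % expanded
    return "ok"


if __name__ == "__main__":
    bomb = billion_laughs()
    print(len(bomb), "byte document expands &lol9; to",
          expanded_size("lol9", declared_entities(bomb), {}), "bytes")
    for name, doc in (("bomb", bomb), ("xxe", XXE), ("benign", BENIGN)):
        print(name, "->", check_xml(doc))
```

The amplification ratio (expanded bytes versus document bytes) is what makes the bomb detectable before parsing: a 700-byte document that wants to become 3 GB is rejected, while a document that merely uses &amp; a few times passes. In practice the simplest fix is to disable DTD processing in the parser altogether (in Python, the defusedxml package rejects DTDs and external entities by default); this screen shows what that protection is measuring.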
7
Q

If you see anything on the exam with XML written in it, what should you assume?

A

An XML vulnerability. It might be called XML exploitation or XML injection.
