Exam PT0-002 topic 1 question 188 discussion

Actual exam question from CompTIA's PT0-002
Question #: 188
Topic #: 1

A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:

1;SELECT Username, Password FROM Users;

Which of the following injection attacks is the penetration tester using?

  • A. Blind SQL
  • B. Boolean SQL
  • C. Stacked queries
  • D. Error-based
Suggested Answer: C

Comments

RRabbit_111
Highly Voted 2 years, 3 months ago
Selected Answer: C
C. Stacked queries. The string entered by the tester is an example of a stacked query, also known as a multiple query injection. It attempts to inject an additional SQL query into an existing one by stacking the new query on top of the original one. This can be used to extract sensitive information from the database, such as usernames and passwords. A blind SQL injection is when the attacker is able to send commands to the database but is unable to see the result of these commands, usually due to the lack of error messages. Boolean SQL injection is a type of SQL injection where the attacker will insert a payload that will cause a query to return true or false. Error-based SQL injection is a type of SQL injection where the attacker sends payloads that cause the database to return error messages.
upvoted 12 times
RRabbit_111
2 years, 3 months ago
notice the two semicolons ; stacked
upvoted 14 times
outnumber_gargle024
11 months ago
solid tip here thanks
upvoted 1 times
Etc_Shadow28000
Most Recent 9 months, 4 weeks ago
Selected Answer: C
Why C. Stacked queries is correct:
  • Stacked queries involve adding additional SQL statements to the original query, separated by a semicolon (;). This technique allows the attacker to execute multiple queries in a single request. The provided string 1;SELECT Username, Password FROM Users; is a clear example of this approach, as it combines an initial input value (1) with an additional SQL query.
Conclusion: The penetration tester is using a stacked queries SQL injection attack. Therefore, option C is the correct answer.
upvoted 1 times
solutionz
1 year, 8 months ago
Selected Answer: C
The query provided by the penetration tester is attempting to execute more than one SQL command in a single call. This is known as stacking queries, where multiple SQL queries are separated by a semicolon. So the correct answer is: C. Stacked queries
upvoted 1 times
nickwen007
2 years, 1 month ago
C. Stacked queries is the injection attack the penetration tester is using. Stacked queries, also known as Multi-Statement or Batched Queries, are a type of SQL injection attack that combines multiple SQL statements into one query. This attack can be used to bypass authentication and authorization processes by allowing an attacker to gain access to restricted data.
upvoted 4 times
cy_analyst
2 years, 1 month ago
Selected Answer: C
This is because the attacker is attempting to execute multiple SQL statements within the same query by using the semicolon (;) as a separator. The first statement is a valid login attempt (i.e., "1" is the username), and the second statement attempts to extract sensitive information (i.e., the username and password of all users).
upvoted 3 times
[Removed]
2 years, 1 month ago
Yes C is the answer
upvoted 2 times
kloug
2 years, 2 months ago
cccccccc
upvoted 3 times
[Removed]
2 years, 2 months ago
I think D Error based
upvoted 1 times
Hskwkhfb
2 years, 4 months ago
Blind SQL
upvoted 1 times
masso435
2 years, 4 months ago
This is a SQL UNION attack. I don't see an answer for this.
upvoted 1 times
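
An added example, not part of any comment above or of the exam material: it feeds the string from the question to three query styles and records how many SELECT statements the database engine actually runs, which is the defender's test for whether stacking is possible. The in-memory SQLite `Users` table, its single row and all function names are constructed for illustration; `executescript()` stands in for any driver configured to accept several statements per call.

```python
import sqlite3

PAYLOAD = "1;SELECT Username, Password FROM Users;"  # string from the question

def make_db():
    """Constructed in-memory table standing in for the application's Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Id INTEGER, Username TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES (1, 'alice', 'constructed-hash')")
    conn.commit()
    return conn

def statements_run(run):
    """Call run(conn); return (outcome, SELECT statements the engine executed)."""
    conn = make_db()
    seen = []
    conn.set_trace_callback(seen.append)  # fires once per executed statement
    try:
        run(conn)
        outcome = "ok"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # Exception class for "one statement at a time" differs by Python version
        outcome = "rejected"
    conn.set_trace_callback(None)
    conn.close()
    selects = [s for s in seen if s.lstrip().upper().startswith("SELECT")]
    return outcome, selects

def concat_multi(conn):
    # Vulnerable: input concatenated into SQL and sent through a multi-statement API
    conn.executescript("SELECT Username FROM Users WHERE Id = " + PAYLOAD)

def concat_single(conn):
    # Still concatenated, but execute() accepts only one statement per call
    conn.execute("SELECT Username FROM Users WHERE Id = " + PAYLOAD)

def parameterized(conn):
    # Hardened: the whole input is bound as one value and never parsed as SQL
    conn.execute("SELECT Username FROM Users WHERE Id = ?", (PAYLOAD,)).fetchall()

if __name__ == "__main__":
    for fn in (concat_multi, concat_single, parameterized):
        outcome, selects = statements_run(fn)
        print(f"{fn.__name__}: {outcome}, {len(selects)} SELECT statement(s) executed")
```

Only the first style runs two statements. A single-statement API blocks stacking but not injection in general, so parameter binding remains the fix.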
Community vote distribution
A (35%)
C (25%)
B (20%)
Other