Exam 312-50v12 topic 1 question 77 discussion

D. Time-based and boolean-based like 312-50V11 Q182

D. Time-based and boolean-based: This option involves two techniques that are relevant to the described scenario. Time-based SQL injection is used to measure response time to determine true or false conditions, which fits Jane's requirements. Boolean-based SQL injection is used to send an SQL query that can be evaluated in a true or false context, which also matches what Jane is attempting to achieve.

well...it has the time word and the true and false wards...there's only 1 option that has both

chat GPT says option C i am really confused . anyone pls correct that problem

D. Time-based and boolean-based

Time-based SQL Injection: This technique involves causing the database to delay its response, allowing the attacker to infer information based on the response time. By injecting malicious SQL code that includes time-delay functions (such as WAITFOR DELAY in Microsoft SQL Server or SLEEP() in MySQL), the attacker can observe whether the web application's response time changes, indicating a successful injection. Union-based SQL Injection: This technique involves exploiting a vulnerability in the SQL query to manipulate the structure of the query and retrieve data from other database tables. The attacker uses the UNION SQL operator to combine the results of their malicious query with the original query, extracting data from different tables and columns. The attacker can use boolean conditions to test whether certain conditions are true or false.

Answer B (Union-based and error base - sub category of IN-BAND SQLinjection) https://www.acunetix.com/websitesecurity/sql-injection2/ Union-based SQLi: leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response

D. Time-based and boolean-based

The correct option is D. D. Time-based and boolean-based

C. Time-based and union-based Time-based injection would allow her to test the response time of a true or false response. Union-based injection would allow her to use a second command to determine whether the database will return true or false results for user IDs.

Time-based cuz is blind and yes or no its boolean.

D. Time-based and boolean-based

A. Out of band and boolean-based. Out of band SQL injection involves using an out-of-band (OOB) channel to communicate with the attacker's system. The attacker typically uses this method when the vulnerable application is unable to retrieve data from the database and display it on the web page. The OOB channel can be used to retrieve the data from the database and send it to the attacker's system. Boolean-based SQL injection involves using true or false conditions to infer information about the database. This method involves injecting SQL statements that force the database to return a true or false response, depending on whether the statement is correct or not. By analyzing the response, an attacker can determine whether the injected SQL statement was executed or not.