Exam 312-50v13 topic 1 question 135 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 135
Topic #: 1

As a cybersecurity professional, you are responsible for securing a high-traffic web application that uses MySQL as its backend database. Recently, there has been a surge of unauthorized login attempts, and you suspect that a seasoned black-hat hacker is behind them. This hacker has shown proficiency in SQL Injection and appears to be using the 'UNION' SQL keyword to trick the login process into returning additional data. However, your application’s security measures include filtering special characters in user inputs, a method usually effective against such attacks. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, which strategy is he most likely to employ?

  • A. The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure.
  • B. The hacker switches tactics and resorts to a 'time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay.
  • C. The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.
  • D. The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database.
Suggested Answer: C

Comments

NikoTomas
1 month ago
Selected Answer: C
For sure C. As stated in the question, the input sanitization is in place, so the attacker must overcome it somehow - C) Using encoding to avoid blocking of unallowed special characters and/or keywords.
upvoted 1 times
...
Gibsomd
1 month ago
Selected Answer: C
Your application already filters special characters in user inputs, which is an effective measure against traditional SQL Injection attacks.
upvoted 1 times
...
91a0021
1 month, 2 weeks ago
Selected Answer: C
The key details in the question indicate: The attacker is using UNION-based SQL Injection. This means the goal is to extract data directly rather than relying on indirect inference techniques like time-based delays. The application filters special characters. The hacker’s immediate problem is bypassing the input sanitization, not dealing with a lack of visible outpu
upvoted 3 times
...
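Added example, not part of the exam question or any commenter's post: why a special-character filter fails when input is decoded after it is checked, next to the parameterized form that holds regardless of encoding. The blocked-character list, the `users` table, the sample input and the use of in-memory SQLite in place of MySQL are assumptions made so the example runs offline.

```python
import sqlite3
from urllib.parse import unquote

BLOCKED = set("'\";#-")  # assumed filter list; the question does not specify one
# Constructed sample input: percent-encoded form of a quote-bearing string.
ENCODED_PW = "x%27%20OR%20%271%27=%271"

def make_db():
    """In-memory SQLite stand-in for the MySQL backend (assumption, so it runs offline)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_weak(db, raw_name, raw_pw):
    """Defect: the filter inspects the raw input, decoding happens afterwards."""
    if any(c in BLOCKED for c in raw_name + raw_pw):
        return False                      # rejected by the character filter
    name, pw = unquote(raw_name), unquote(raw_pw)   # the quote reappears here
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}' AND pw = '{pw}'"
    try:
        return db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        return False

def login_hardened(db, raw_name, raw_pw):
    """Decode once, then bind values as parameters; input is never parsed as SQL."""
    name, pw = unquote(raw_name), unquote(raw_pw)
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND pw = ?"
    return db.execute(sql, (name, pw)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    for label, pw in [("valid", "s3cret"), ("raw quote", "x' OR '1'='1"),
                      ("encoded", ENCODED_PW)]:
        print(f"{label:10} weak={login_weak(db, 'alice', pw)} "
              f"hardened={login_hardened(db, 'alice', pw)}")
```

The filter stops the raw quote but not its encoded form, while the parameterized query rejects both because the value is compared as data.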