ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 88 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 88
Topic #: 1
[All 312-50v13 Questions]

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker?

  • A. In-band SQLi
  • B. Union-based SQLi
  • C. Out-of-band SQLi
  • D. Time-based blind SQLi
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by NikoTomas at March 13, 2025, 9:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NikoTomas
1 month, 1 week ago
Selected Answer: C
Correct: C - Out-of-band... Server executes commands injected into SQL, that instructs the server, for example, to make connection to some specified domain, so the server makes DNS query to resolve the domain and tries to connect to the destination. The DNS communication usually goes via some backend management or inside network, which is out of band (scope) of the network via the attacker's query came to the server (via public front end web interface). To find out if this out-of-band communication from the server is happening and reaching the Internet, the attacker registers specific domain (used in the SQL injection) and listens for DNS resolutions on its Authoritative DNS server. If DNS query comes from the attacked server, the server is executing injected commands. BurpSuite Professional (i. e. paid version) has feature Collaborator, which automates creation the domain for the pentester and checking of incoming connections.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago