Exam PT0-002 topic 1 question 231 discussion

Actual exam question from CompTIA's PT0-002
Question #: 231
Topic #: 1

A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?

  • A. SQL injection
  • B. HTML injection
  • C. Remote command injection
  • D. DLL injection
Suggested Answer: A

Comments

lifehacker0777
7 months, 3 weeks ago
Selected Answer: A
Blind SQL Injection: Certified Ethical Hacker v8 module14 https://studylib.net/doc/25231781/cehv8---module-14---sql-injection
upvoted 1 times
...
KingIT_ENG
8 months ago
SQL Injection so A
upvoted 2 times
...
[Removed]
8 months ago
A is the answer. WAITFOR can be used in a type of SQL injection attack known as time delay SQL injection or blind SQL injection. This attack works on the basis that true or false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the query returns true, then the web application will pause for the specified period of time before responding; if the query returns false, then the web application will respond immediately. By observing the response time, the attacker can infer information about the database structure and data. Based on this information, one possible answer to your question is A. SQL injection, because it is an attack that exploits a vulnerability in a web application that allows an attacker to execute arbitrary SQL commands on the database server.
upvoted 3 times
...
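For the log-review side of this question, the following is an added example (not part of any comment in this thread) that scans web access-log lines for the T-SQL WAITFOR DELAY/TIME pattern after URL-decoding the request target. It assumes a combined-format access log; the function names, IP addresses, paths and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# T-SQL time-delay syntax: WAITFOR DELAY '0:0:5' or WAITFOR TIME '23:00'.
WAITFOR_RE = re.compile(r"\bwaitfor\s+(delay|time)\s*'([^']*)'", re.IGNORECASE)
# Request line of a combined-format access log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly: logs store the encoded target, sometimes doubly encoded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_waitfor(log_lines):
    """Return (line_number, client_ip, keyword, argument) for each matching request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST_RE.search(line)
        if not request:
            continue  # not a parseable request line
        target = decode_fully(request.group("target"))
        match = WAITFOR_RE.search(target)
        if match:
            client_ip = line.split(" ", 1)[0]
            hits.append((number, client_ip, match.group(1).upper(), match.group(2)))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /products?id=7 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /products?id=7%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /products?id=7%253B%2520waitfor%2520delay%2520%25270%253A0%253A5%2527 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:20 +0000] '
    '"GET /help?q=how+long+to+wait+for+delivery HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_waitfor(SAMPLE_LOG):
        print(hit)
```

The benign search for "wait for delivery" on the last line is not flagged, because the pattern requires the single keyword WAITFOR followed by DELAY or TIME and a quoted argument.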
[Removed]
8 months ago
I think A is the answer SQL injection
upvoted 2 times
...
nickwen007
8 months, 1 week ago
C. Remote command injection is the attack that is being attempted. The "WAITFOR" command allows a remote attacker to execute arbitrary commands on the target system, which can be used to gain access to sensitive data or to further exploit the system. This type of attack is commonly seen in web-application log files and should be guarded against with proper input validation. SQL injection is not the attack that is being attempted. SQL injection is a type of attack which involves supplying malicious SQL commands to a web application in order to gain access to sensitive data or to further exploit the system. The "WAITFOR" command does not involve SQL commands and instead is used to execute arbitrary commands on the target system, making it more likely to be a remote command injection attack.
upvoted 2 times
...
nickwen007
8 months, 1 week ago
The "WAITFOR" command is used to execute arbitrary commands on a target system. This type of attack is commonly seen in web-application log files and can be used to gain access to sensitive data or to further exploit the system. It is important to practice proper input validation and strong security measures to guard against this type of attack.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted