A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring?
Answer: SQLi attack
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. The giveaway here is the 1=1 in the query which is essentially creating a condition that will automatically be true.
======================
Helpful Info:
XSS (Cross-Site Scripting) attacks - a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
Replay Attack - a kind of man-in-the-middle attack in which an attacker sniffs messages being sent on a channel to intercept them and resend them under the cloak of authentic messages.
CSRF (Cross-Site Request Forgery) - attacks that target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something.
Almost anytime there is 1=1 in any example, it's SQLi. Buddy took it recently and said there were a lot of them on his exams. Don't miss the free points.
In the provided logs, the presence of characters like -- and +OR+1=1-- in the requested URL indicates that the web server is likely vulnerable to SQL injection (SQLi) attacks. SQL injection is a type of web application vulnerability where an attacker can inject malicious SQL code into the input fields of a web application to manipulate the underlying database and potentially gain unauthorized access or extract sensitive information.
The most likely attack occurring based on the provided information is a "SQLi attack" (SQL Injection attack). The second log entry indicates that the attacker is attempting to exploit a SQL injection vulnerability by appending a payload to the "category" parameter of the contact form. The payload "OR 1=1--" is a common technique used to bypass authentication or gain unauthorized access by modifying the SQL query to always return true. The double-dash "--" indicates the start of a comment in SQL, which helps the payload to avoid syntax errors.
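The indicators the comments above point to (a boolean tautology such as `OR 1=1` and a trailing `--` comment in a URL parameter) can be checked for in access logs after URL decoding. The following is an added example, not part of the original comments or the exam material; the log format, paths and client addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (not the exam's WAF output); clients use documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /contact-form?category=support HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /contact-form?category=support'+OR+1=1-- HTTP/1.1" 200 9841
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /contact-form?category=x%27%20or%201%3D1-- HTTP/1.1" 200 9841
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /search?q=black+or+white HTTP/1.1" 200 730
"""

# Assumed access-log layout: client first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')
# OR/AND followed by a comparison with the same literal on both sides (1=1, a=a).
TAUTOLOGY = re.compile(r"\b(?:or|and)\s+(\w+)\s*=\s*\1\b", re.IGNORECASE)
# SQL line comment that cuts off the rest of the original query.
COMMENT = re.compile(r"--(?:\s|$)")


def scan(log_text):
    """Return (client, parameter, decoded_value, indicators) for each suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl percent-decodes and maps '+' to space, so encoded forms are seen too.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if not TAUTOLOGY.search(value):
                continue
            indicators = ["tautology"]
            if COMMENT.search(value):
                indicators.append("trailing-comment")
            findings.append((client, name, value, indicators))
    return findings


if __name__ == "__main__":
    for client, name, value, indicators in scan(SAMPLE_LOG):
        print(f"{client} param={name!r} value={value!r} indicators={indicators}")
```

Matching on the decoded value is what keeps `q=black+or+white` from being flagged while the `+`-encoded and percent-encoded forms of the same payload are both caught.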