SQLi - the giveaway is 1=1

Answer: SQLi attack SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. The giveaway here is the 1=1 in the query which is essentially creating a condition that will automatically be true. ====================== Helpful Info: XSS (Cross-Site Scripting) attacks -a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Replay Attack - a kind of man-in-the-middle attack in which an attacker sniffs messages being sent on a channel to intercept them and resend them under the cloak of authentic messages. CSRF (Cross Sit Request Forgery)- attacks that target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something.

Almost anytime there is 1=1 in any example, its SQLi. Buddy took it recently and said there were a lot of them on his exams. Don't miss the free points.

In the provided logs, the presence of characters like -- and +OR+1=1-- in the requested URL indicates that the web server is likely vulnerable to SQL injection (SQLi) attacks. SQL injection is a type of web application vulnerability where an attacker can inject malicious SQL code into the input fields of a web application to manipulate the underlying database and potentially gain unauthorized access or extract sensitive information.

From Dion's material: If you see a 1=1 it is most likely a SQL injection

The most likely attack occurring based on the provided information is a "SQLi attack" (SQL Injection attack). The second log entry indicates that the attacker is attempting to exploit a SQL injection vulnerability by appending a payload to the "category" parameter of the contact form. The payload "OR 1=1--" is a common technique used to bypass authentication or gain unauthorized access by modifying the SQL query to always return true. The double-dash "--" indicates the start of a comment in SQL, which helps the payload to avoid syntax errors.

SQLi. Key is the 1=1 is the dead giveaway for the SQL injection attack

B - Typical SQL Injection payload

I selected SQL Injection. However every SQL Statement Query starts with SELECT which is missing. Confused with the wording of the question.

1=1 so its SQLi