Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Eccouncil Discussions

Exam 312-50v12 topic 1 question 136 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 136
Topic #: 1
[All 312-50v12 Questions]

You're the security manager for a tech company that uses a database to store sensitive customer data. You have implemented countermeasures against SQL injection attacks. Recently, you noticed some suspicious activities and suspect an attacker is using SQL injection techniques. The attacker is believed to use different forms of payloads in his SQL queries. In the case of a successful SQL injection attack, which of the following payloads would have the most significant impact?

  • A. UNION SELECT NULL, NULL, NULL -- : This payload manipulates the UNION SQL operator, enabling the attacker to retrieve data from different database tables
  • B. ' OR username LIKE '%': This payload uses the LIKE operator to search for a specific pattern in a column
  • C. ' OR '1'='l: This payload manipulates the WHERE clause of an SQL statement, allowing the attacker to view unauthorized data
  • D. ' OR 'a'='a; DROP TABLE members; --: This payload combines the manipulation of the WHERE clause with a destructive action, causing data loss
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by DarioReymag at Feb. 6, 2024, 10:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
insaniunt
Highly Voted 2 months, 4 weeks ago
Selected Answer: D
The correct answer is D. This payload combines the manipulation of the WHERE clause with a destructive action, causing data loss. This is the most significant impact because it can result in the deletion of an entire table from the database, which may contain sensitive customer data. The other payloads only allow the attacker to view or retrieve data, but not to modify or delete it. Therefore, they have less impact than D.
upvoted 8 times
...
aklsjda
Most Recent 2 weeks ago
The question didn't specify if there is a back up of the database, logically B&C are eliminated cuz "BRO". and A is eliminated because the attacker doe not want other tables data, so D is the answer (if database is deleted+no backup=DOOM!)
upvoted 1 times
...
calx5
2 months, 2 weeks ago
Selected Answer: A
A and C = data leakage; A with multiple-data leakage, big impact. B = pattern only, not data D = No data leakage, it is just data loss with backup as recovery.
upvoted 2 times
Lalo
1 month, 2 weeks ago
Correct answer DDDDDDDDDDDDDDDDDDDDDDDDD. Assuming that the other tables have critical information. However, what if they are temporary tables without critical information (the question does not clarify whether they are tables with important information or not). In this type of questions you have to check if they cover ALL possible options. In this situation, if we assume that it is unimportant data, the SQL injection attack with the most significant impact is D
upvoted 1 times
...
insaniunt
2 months, 1 week ago
Payload D is indeed the most destructive among the options. It not only manipulates the WHERE clause for unauthorized data access but also includes a DROP TABLE statement, which can lead to the deletion of the "members" table, causing data loss.
upvoted 2 times
...
...
[Removed]
2 months, 4 weeks ago
Could someone please validate this information
upvoted 1 times
...
[Removed]
2 months, 4 weeks ago
Im a bit hesitant about the validity of this claim
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel