Which of the following system attack methods is executed by entering malicious code into the search box of a vulnerable website, causing the server to reveal restricted information?
SQL Injection: The attacker’s input manipulates a server-side database query, causing the server to include restricted data in its response to the attacker.
XSS: The injected script runs client-side in a browser, typically affecting other users, not directly extracting server data for the attacker.
The phrase “causing the server to reveal restricted information” suggests the server sends sensitive data back to the attacker as a direct result of the malicious input. SQL injection achieves this by exploiting the database, while XSS focuses on browser-side execution.
SQL injection is a type of attack where malicious SQL code is inserted into input fields, such as a search box, on a vulnerable website. This method exploits vulnerabilities in how the website handles user inputs, allowing attackers to manipulate the database and potentially retrieve restricted information.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
46080f2
3 months ago46080f2
3 months ago