Review
Question 1
What are some of the exploits that are provided by a SQL injection attack?
A) The opportunity to explore the design of the database
B) The opportunity to call system stored procedures
C) The opportunity to shutdown services
D) All the above exploits
Answer D is correct. All the exploits identified are possible through SQL injection attacks. Through the use of the default Open Database Connectivity (ODBC)/OLEDB error message resulting from an SQL injection attack, a hacker has the ability to investigate the design of a database, allowing the hacker to perform more focused attacks. By appending the appropriate SQL statements in an SQL injection attack, the hacker can call system-stored procedures. Finally, using these system-stored procedures, the hacker has the ability to call operating system level functions using the XP_CMDSHELL stored procedures, giving them the ability to shut down services.
Question 1
What are some of the exploits that are provided by a SQL injection attack?
A) The opportunity to explore the design of the database
B) The opportunity to call system stored procedures
C) The opportunity to shutdown services
D) All the above exploits
Answer D is correct. All the exploits identified are possible through SQL injection attacks. Through the use of the default Open Database Connectivity (ODBC)/OLEDB error message resulting from an SQL injection attack, a hacker has the ability to investigate the design of a database, allowing the hacker to perform more focused attacks. By appending the appropriate SQL statements in an SQL injection attack, the hacker can call system-stored procedures. Finally, using these system-stored procedures, the hacker has the ability to call operating system level functions using the XP_CMDSHELL stored procedures, giving them the ability to shut down services.
No hay comentarios:
Publicar un comentario