injection
SQL commands
Websites
Random
Defence & other
100

How would you test for SQL injection?

', '', ' -- , ' OR 1=1 etc.

100

What is --

a comment

100

When logging in which operator is used to check usernames and passwords are correct:

e.g. SELECT * from users where username=input ????? password=input

AND

100

Which tool can automate SQL attacks?

sqlmap

100

Why is hiding database error messages helpful in defending against SQL injection?

prevents error based injection

200

Which of the following is an example of an SQL injection payload?

admin' --

password123

user@example.com

123455

admin' --

200

What does null mean? (What is it used for?)

"nothing"; it's used to test column numbers

200

Name the three tiers in a typical 3-tier web application.

presentation tier, application (logic) tier, and data tier?

200

What type of SQL injection attack doesn’t display any output directly?

time/blind

200

This tool can filter traffic and block SQL injection attacks

WAF

300

What is wrong with the syntax of this SQL injection:

' select username,password from users --

There is no union

300

Which type of database will respond to @@version?

MySQL

300

What is the main security benefit of separating the web server and database server into different tiers?

increases security, can allow components to be switched without impacting other sections of the site

300

What layer of the 3-level web architecture processes SQL injection attacks?

Logic/Application layer

300

Which SQL command is used to retrieve data from a database?

SELECT

400

You suspect a time-based SQLi. What command would you use to confirm it, and how would you validate your result?

SLEEP

WAITFOR DELAY

400

Which SQL operator (keyword) is used to combine multiple conditions where at least one must be true?

OR

400

Which SQL command will modify existing data in a database?

UPDATE

400

Will moving a website that is vulnerable to SQL injection to a different server remove the vulnerability?

No

400

What is the term for checking that user input matches expected formats before using it in code or queries?

Input validation

500

What would the payload 1' AND 1=2 --  likely return if put into a login page?

a failed login

500

What command could you use to attempt authentication bypass?

' OR 1=1 --

500

How could you use SQL injection to escalate your privileges on a website?

Steal usernames and passwords and then log in as an admin or authentication bypass as an admin

500

Name a reason why SQL injection might not be exploitable even if the input is vulnerable

(vulnerable input, but a normal user cannot get SQLi to work)

A WAF is blocking the attack

500

What type of query forces user input to be understood only as text?

parameterized queries