Which of the following methods carries the requested data to the webserver as a part of
the message body?
HTTP GET
HTTP POST
IBM DB2
Cold Fusion
HTTP POST
Which of the following system tables does the MS SQL Server database use to store
metadata? Hackers can use this system table to acquire database schema information
to further compromise the database.
sysdbs
sysrows
syscells
sysobjects
sysobjects
SQL injection attacks do not exploit a specific software vulnerability; instead they target
websites that do not follow secure coding practices for accessing and manipulating data
stored in a relational database.
True
False
True
Which of the following is the most effective technique in identifying vulnerabilities or
flaws in the web page code?
Traffic Analysis
Packet Analysis
Code Analysis
Data Analysis
Code Analysis
An attacker injects the following SQL query:
blah' AND 1=(SELECT COUNT(*) FROM mytable); --
What is the intention of the attacker?
Updating Table
Adding New Records
Deleting a Table
Identifying the Table Name
Identifying the Table Name
What is the main difference between a "Normal" SQL injection and a "Blind" SQL
injection vulnerability?
The request to the webserver is not visible to the administrator of the vulnerable
application.
The attack is called "Blind" because, although the application properly filters user input,
it is still vulnerable to code injection.
A successful attack does not show an error message to the administrator of the affected
application.
The vulnerable application does not display errors with information about the injection
results to the attacker.
The vulnerable application does not display errors with information about the injection
results to the attacker.
Which of the following attacks are not performed by an attacker who exploits SQL
injection vulnerabilities?
Authentication Bypass
Remote Code Execution
Covering Tracks