SQL injection attacks typically allow an attacker to perform which malicious activity?
- Inject operating system commands to the vulnerable SQL database server.
- Inject operating system commands to the vulnerable web server that has a trust relationship to the SQL database server.
- Inject malicious SQL queries to obtain sensitive information from the back-end SQL database.
- Inject malicious HTTP GET requests to obtain sensitive information stored on the SQL database of the web server.
| Explanation & Hint:
SQL injection attacks typically allow an attacker to perform the activity of “injecting malicious SQL queries to obtain sensitive information from the back-end SQL database.” In an SQL injection attack, an attacker exploits vulnerabilities in a web application’s software to send malicious SQL code to the database. This can lead to unauthorized access to the database, allowing the attacker to view, modify, delete, or add data. This type of attack targets the database directly through the web application and does not typically involve injecting operating system commands or HTTP GET requests. |