Last Updated on November 21, 2023 by InfraExam
Which vulnerability is required to make SQL injection attacks possible?
- improper user input validation by the web application
- improper SQL database schema
- improper trust relationship between the web application and the SQL database
- improper SQL syntax validation by the SQL database
|Explanation & Hint:
The vulnerability required to make SQL injection attacks possible is “improper user input validation by the web application.”
SQL injection attacks occur when an attacker is able to insert or “inject” a malicious SQL query into the input fields of a web application. This is made possible primarily due to the web application failing to properly validate, sanitize, or escape user-supplied input. When the input data is not correctly checked or handled, it can be manipulated to alter the SQL queries executed by the web application, leading to unauthorized access or manipulation of the database.
The other options listed do not directly enable SQL injection attacks: