Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 14
SQL Injection

CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:

III. Security
- P. Vulnerabilities
IV. Tools/Systems/Programs
- O. Operating environments (e.g., Linux, Windows, Mac)
- Q. Log analysis tools
- S. Exploitation tools

This chapter covers SQL injection, one of the most complex and powerful attacks. SQL injection has a steep learning curve, and to carry out an attack, you will need to have knowledge of web applications, databases, and SQL—and possess a lot of patience.

Attacks that use SQL target websites or web applications that are powered by a back-end database. The attack relies on the strategic insertion of malicious code or statements into existing queries with the intention of viewing or manipulating data that is stored in the tables within the database. Due to the ubiquity of SQL, this attack is reasonably portable across different platforms and database types. SQL injection attacks are a common and dangerous mechanism for compromising websites. Many high-profile attacks are a result of SQL injection.

Introducing SQL Injection

SQL injection has been around for at least 20 years, but it is no less powerful or dangerous than any other attack we have covered so far. It is designed to exploit flaws in a website or web application. The attack works by inserting code into an existing line of code prior to its being executed by a database. If SQL injection is successful, attackers can cause their own code to run.

In the real world this attack has proven dangerous because many developers are either not aware of the threat or don’t understand its seriousness. Developers should be aware that:

SQL injection is typically a result of flaws in the web application or website and is not an issue with the database.
SQL injection is at the source of many of the high-level or well-known attacks on the Internet.
The goal of attacks of this type is to submit commands through a web application to a database in order to retrieve or manipulate data.
The usual cause of this type of flaw is improper or absent input validation, thus allowing code to pass unimpeded to the database without being verified.

SQL Attacks in Action

In 2011, Sony Corporation was the victim of a SQL injection that compromised a multitude of accounts (estimated to be over one million e-mails, usernames, and passwords). The attack was the result of a known vulnerability that could have been discovered through pen testing.

In 2013, the U.S. Department of Energy (DoE) and the U.S. Army also found themselves victims of SQL injection. The FBI revealed that a minimum of 100,000 records, including Social Security numbers of current and former federal employees, were compromised. Additionally, 2,800 of the records obtained included bank account numbers.

When investigating this attack, the FBI revealed that not only the DoE and the Army were impacted; NASA, the U.S. Missile Defense Agency, and the Environmental Protection Agency were also affected. Details of these attacks have not been fully released as of this writing.

SQL injection is achieved through the insertion of characters into existing SQL commands with the intention of altering the intended behavior. The following example illustrates SQL injection in action and how it is carried out. The example also reveals the impact of altering the existing values and structure of a SQL query.

In the following example, an attacker with the username link inputs for the original code after the = sign in WHERE owner which used to include the string 'name'; DELETE FROM items; -- for itemName into an existing SQL command, and the query becomes the following two queries:

SELECT * FROM items
WHERE owner = 'link'
AND itemname = 'name';
DELETE FROM items;--

Many of the common database products such as Microsoft’s SQL Server and Oracle’s Siebel allow several SQL statements separated by semicolons to be executed at once. This technique, known as batch execution, allows an attacker to execute multiple arbitrary commands against a database. In other databases, this technique will generate an error and fail, so knowing the database you are attacking is essential.

If an attacker enters the string 'name'; DELETE FROM items; SELECT * FROM items WHERE 'a' = 'a', the following three valid statements will be created:

SELECT * FROM items
WHERE owner = 'link'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a' = 'a';

A good way to prevent SQL injection attacks is to use input validation, which ensures that only approved characters are accepted. Use whitelists, which dictate safe characters, and blacklists, which dictate unsafe characters.

Results of SQL Injection

What can be accomplished as a result of a SQL injection attack? Well, there are a huge number of possibilities, which are limited only by the configuration of the system and the skill of the attacker.

If an attack is successful, a host of problems could result. Consider the following a sample of the potential outcomes:

Identity spoofing through manipulating databases to insert bogus or misleading information such as e-mails and contact information.
Alteration of prices in e-commerce applications. In this attack, the intruder once again alters data, but does so with the intention of changing price information in order to purchase products or services at a reduced rate.
Alteration of data or outright replacement of data in existing databases with information created by the attacker.
Escalation of privileges to increase the level of access an attacker has to the system, up to and including full administrative access to the operating system.
Denial of service, performed by flooding the server with requests designed to overwhelm the system.
Data extraction and disclosure of all data on the system through the manipulation of the database.
Destruction or corruption of data through rewriting, altering, or other means.
Eliminating or altering transactions that have been or will be committed.

The Anatomy of a Web Application

A web application is the target of a SQL injection attack, so you must understand how these apps work. A web app can be described simply as an application that is accessed through a web browser or application (such as the apps on a smartphone). However, we need to be a little more detailed with our description in order to better understand SQL injection. In essence, a web application works by performing these steps:

The user makes a request through the web browser from the Internet to the web server.
The web server accepts the request and forwards it to the applicable web application server.
The web application server performs the requested task.
The web application accesses the entire database available and responds to the web server.
The web server responds back to the user once the transaction is complete.
The requested information appears on the user’s monitor.

The details involved in these steps can change depending on the application involved.

Server-side vs. Client-side

First let’s look at the type of technologies involved in browsing and working with the Web. They mainly fall into two areas: client-side and server-side. Server-side technologies are those that run and are executed on the server itself before delivering information to the requester. Client-side technologies are those that run within the browser or somewhere on the client side. For the purposes of our discussion, we will not be covering client-side here.

Server-side technologies come in many varieties and types, each of which offers something specific to the user. Generally, each of the technologies allows for the creation of dynamic and data-driven web applications. There are a wide range of server-side technologies that you can use to create these types of web applications, among them:

ASP
ASP.NET
Oracle
PHP
JSP
SQL Server
IBM DB2
MySQL
RubyOnRails

All of these technologies are powerful and offer the ability to generate web applications that are extremely versatile. Each also has vulnerabilities that can lead to them being compromised, but this chapter is not about those. This chapter, like SQL injection, is designed to target the code that is used to make the technologies access a database as part of its functioning. This code, when incorrectly crafted, can be scrutinized and result in vulnerabilities uncovered and exploited.

Databases and Their Vulnerabilities

Since ultimately an attacker is going after the information contained in a database, you must have a good understanding of databases. Databases store data such as configuration information, application data, and other information of all shapes and sizes. An attacker who can successfully locate a vulnerable database will find it a tempting target to pursue.

In today’s environment databases form the heart of many web apps. Commonly used applications such as Microsoft SharePoint and others use databases as the nucleus of their structure. In fact, a majority of web apps would not function without a database as their back-end.

A Look at Databases

For all of its complexities, a database can be described as simply a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes. The types of information that can be stored within this format vary, but the goal is still the same: storage and retrieval.

Databases are typically categorized based on how they store their data. These types include the following:

Relational Database With a relational database, data can be organized and accessed in various ways as appropriate for the situation. For example, a data set containing all the customer orders in a table can be grouped by the zip code in which the transaction occurred, by the sale price, by the buyer’s company name, and so on.

Distributed Database A distributed database is designed to be dispersed or replicated between different locations across a network.

Object-oriented Programming Database An object-oriented programming database is built around data-defined object classes and subclasses.

Within a database are several structures designed to organize and structure information. Each structure allows the data to be easily managed, queried, and retrieved:

Record or Row Each record in a database represents a collection of related data such as information about a person.

Column A column represents one type of data, for example, age data for each person in the database.

Databases have a broad range of applications for everything from storing simple customer data to storing payment and customer information. For example, in an e-commerce application when customers place an order their payment and address information may be stored within a database that resides on a server.

While the function of databases may sound mundane, databases come into their own when linked to a web application. A database linked as part of a web app can make a website and its content much easier to maintain and manage. For example, if you use a technology such as ASP.NET, you can modify a website’s content simply by editing a record in a database. With this link, simply changing a record in a database will trigger a change in any associated pages or other areas.

Another common use of databases, and one of the higher-profile targets, is in membership or member registration sites. In these types of sites, information about visitors who register with the site is stored within a database. This information can be used for a discussion forum, chat room, or many other applications. With potentially large amounts of personal information being stored, an attacker would find this setup ideal for obtaining valuable data.

Locating Databases on the Network

A tool that is effective at locating rogue or unknown database installations is a tool known as SQLPing 3.0, as described on the vendor’s website:

SQLPing 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLPing 3.0 is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool, which can be used to ferret out servers you never knew existed on your network so you can properly secure them; see http://www.vulnerabilityassessment.co.uk/.

SQLRecon is very similar to SQLPing, but it also provides additional techniques to discover SQL Server installations that may be hidden (http://www.vulnerabilityassessment.co.uk/):

SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLRecon is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret-out servers you never knew existed on your network so you can properly secure them.

Running a scan with either of these tools will give you information about where you may have SQL Server installations that you are unaware of.

Database Server Password Cracking

After a database has been located, the next step an attacker can take is to see whether the password can be broken. A feature that is included in SQLPing3.0 is a password-cracking capability that can be used to target a database server and break its passwords. The password-cracking capabilities accompanying the product include the ability to use dictionary-based cracking methods to bust the passwords.

Anatomy of a SQL Injection Attack

The potential attacks that can be performed to leverage the flaws in poorly designed websites are beyond count. The seemingly endless combinations of technologies and environments lend themselves to plenty of different attacks.

In this section we will examine a basic attack against a website to see how this works in practice. Note that this is only one type of SQL injection. In the wild these attacks may take many different forms.

Acquiring a Target for Attack

Before you can attack a target, you must first have a target. To find a target you can use various techniques, but let’s use some good old Google hacking.

If you recall, Google hacking is the use of advanced search query commands to uncover better results. Through a little trial and effort, you can find a website that is vulnerable to an attack. There are numerous search queries you can use, but some of the ones that can yield results include:

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
andinurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=

There are plenty of ways to search Google using various search terms to uncover a potentially vulnerable target. I encourage you to experiment with different combinations to see if you can obtain better or more actionable results.

Once you’ve identified your target, your next step is to look for vulnerabilities. One easy way to determine if a site is vulnerable to SQL injection is to add an apostrophe to the end of the URL like so:

http://www.somesite.com/default.php?id=1'

Type this URL and press Enter, and then observe the results. If an error is returned, the web application or site located at the URL is vulnerable to SQL injection, though you don’t know to what degree.

Initiating an Attack

One of the first steps you can take to uncover information about a vulnerable site is to learn the structure of the database. To do this you can append a simple order by statement to the URL like so:

http://www.somesite.com/default.php?id=1 order by 1

If this code returns any result other than an error, then increment the number after the order by statement by 1 (or some other amount if desired) until an error is returned. When an error is encountered, it indicates that the last entry that did not return an error is the number of columns in the database.

Once the columns have been determined, you can establish whether you can make queries against the system. Do so by performing what is known as a union select on the system by appending it to the end of the URL:

http://www.somesite.com/default.php?id=-1 union select 1,2,3,4,5,6,7,8

Take a close look at this statement. This statement assumes that you discovered that there were eight columns in the database in your previous step. If more or fewer were encountered, you would adjust the numbers after the select accordingly. Also note that you add a hyphen after the = sign and before the number 1 (after the id).

Once the results of this query are returned, you will see that column numbers are returned. The numbers that are returned indicate that queries are accepted against these columns, and you can now inject further refined SQL statements into each.

You can now start doing some interesting tasks. Let’s begin by identifying the SQL version that is in use. To do this, you will use the command @@version or version() to extract the version information from the database. You will target one of the columns that accept SQL queries. In our example, let’s use column 3:

http://www.somesite.com/default.php?id=-1 union select 1,2,@@version,4,5,6

The version information returned will replace the @@version. Depending on the database version being returned, you can determine the next stage of the attack. In our example here, let’s assume the version returned is correct for our next step.

With the version information checking out, you can do something even more interesting. You can obtain a list of the databases present on the system by executing the following command:

http://www.somesite.com/default.php?id=-1 union select ~CA
1,2,group_concat(schema_name),4,5,6 from information_schema.schemata--

To determine the current database:

http://www.somesite.com/default.php?id=-1 union select ~CA
1,2,concat(database()),4,5,6--

To get the current user:

http://www.somesite.com/default.php?id=-1 union select ~CA
1,2,concat(user()),4,5,6--

To get the tables:

http://www.somesite.com/default.php?id=-1 union select ~CA
1,2,group_concat(table_name),4,5,6 from information_schema.tables where ~CA
table_schema=database()—

With the tables presented, you will target the users table:

http://www.somesite.com/default.php?id=-1 union select ~CA
1,2,group_concat(column_name),4,5,6 from information_schema.columns where ~CA
table_schema=database()--

Altering Data with a SQL Injection Attack

Another way to alter data using SQL injection involves using the forms that appear on many websites. Forms that collect login or other information can be vulnerable to attack depending on their design and any flaws that are present. Any form that solicits data and is somehow connected to a database of any type may be vulnerable to SQL injection.

To illustrate this point, let’s consider a form of a common and simple design. This hypothetical form is one of the commonly encountered forms that any user would use to recover their password. This form simply requires the user to enter an e-mail address and then click OK. Once this is done, the application searches the database for the provided e-mail address. It then sends an e-mail to that address.

However, let’s change things a bit to show how SQL injection works in this situation. In this case the attacker—you—will attempt to get the application to execute custom SQL code to either steal information or alter existing information in some way.

First, you must determine what the database and application are doing and how the database is structured. In this case the application is more than likely using what is known as a SQL SELECT statement to retrieve data, like so:

SELECT data
          FROM table
              WHERE emailinput = '$email_input';

Because of the way applications like this function, you would have to make an educated guess as to how the code is constructed. In this situation, the code is close to the actual code itself as it originally appeared. You would expect a query to use a variable to hold the user’s identity since it would need to be able to handle a multitude of inputs.

Remember earlier when you forced an application to generate errors? In this case it is pretty much the same thing; you must determine how the application reacts when invalid or unexpected input is provided. Once you know how the application reacts to this type of input, you can start to formulate malicious SQL strings.

To accomplish this in our example, you input an e-mail address into the form but with a single quote appended to it, like so:

[email protected]'

Once you enter the malformed e-mail address, you can reasonably expect one of the following:

The application will sanitize the input by removing the quote from the text because the application’s designer recognized single quotes as potentially malicious.
The application does not have protection in place and accepts the input without sanitizing it and proceeds to execute it. In that case the SQL is being run by the application. Pay attention to the impact of this extra quote in the SQL statement. If you look closely you will notice that an extra quote now appears at the end of the line:

SELECT data
     FROM table
         WHERE Emailinput = '[email protected]'';

When the application executes SQL code seen here, an error message should appear. The content and context of this error message is vital in determining the next step in the process. If the application is designed well and is validating input and sanitizing it, you probably will not see any type of message in return. However, if the application is not performing any sort of cleanup or sanitization on input, then an error message may result. The presence of these errors indicates that there may be enough of a flaw present to exploit in some manner.

At this point you can start to perform your injection to see what types of information or actions are available to you. For example, you may be able to uncover the structure of the database itself (specifically the tables in the database) using the following code:

     UPDATE table
      SET email = '[email protected]'
      WHERE email = '[email protected]';

Then, if the application runs this malicious code, it looks like this:

SELECT data
          FROM table
              WHERE Emailinput = 'Y';
     UPDATE table
      SET email = '[email protected]'
      WHERE email = '[email protected]';

Let’s analyze the final result here. When you string all the code together, you can see that the code is altering the database so that the original e-mail address, [email protected], is replaced with another e-mail address, [email protected]. The result is that the attacking party’s code uses the website’s reset password function to change the password and the request is then sent to the attacker’s address. Additionally, the login information for the site has now been changed to a new account.

Once you have performed this action successfully, as the attacker you can go about performing additional functions such as browsing information in the system or inputting new data (or possibly worse).

Injecting Blind

What if the target you are trying to penetrate does not return messages no matter what actions you take? In this situation you are flying blind, so it makes sense to attempt a blind SQL injection. This type of attack is not dependent on the presence of error messages. Much like any other SQL injection, a blind SQL injection can be used to manipulate information, destroy information, or extract data.

This attack works by indirectly obtaining information, such as through the use of true or false statements or through the use of timing information about the nature of the environment. Let’s take a look at one example:

:; IF EXISTS(SELECT *  FROM users) WAITFOR DELAY '0 :0 :10 '-

This code first checks whether the database users exists. If it doesn’t, the code displays, “We are unable to process your request. Please try back later.” If the database does exist, it will pause for 10 seconds. After 10 seconds, it displays, “We are unable to process your request. Please try back later.”

Since no error messages are returned, you can use the WAITFOR DELAY command to check the SQL execution status:

WAITFOR DELAY , 'time' (Seconds)

So what is happening in this attack? Well, let’s look at the first line:

:; IF EXISTS(SELECT *  FROM users) WAITFOR DELAY '0 :0 :10 '-

The first part of the statement (which ends right before the WAITFOR statement) is sent to the system for it to process. If the system cannot run it, the system is therefore not vulnerable. It will discard the whole line and return control back to the user, or it may return an application error message (which will not help you). If the system can run the first part, it will process the whole line, which will cause a momentary but noticeable pause, indicating to you, the attacker, that the whole line was processed.

Information Gathering

Understanding SQL is important to the process of gathering further and more detailed information about a target. Being able to skillfully create and formulate SQL statements allows you to manipulate and access information better than without this skill.

In our earlier example, you used SQL code to determine the version and type of database in your target. You also used code to generate error messages that allowed you to gather more information about the environment. This information helps guide the later steps and helps you determine how to better attack the database. You can find out what kind of database is used, what version is being used, user privilege levels, and various other things. Different databases require different SQL syntax.

Information from Error Messages

As you saw earlier, error messages can reveal information that may not be readily obvious. It is through these error messages that additional attacks can be developed. In our example you saw one way to extract information from error messages, but there are other methods as well:

Grouping Error Messages Use the HAVING command to further refine a query by basing it on grouped fields. The error message will reveal information about which fields in the database have not been grouped:

'group  by  columnnames  having  1=1  -  -V

Type Mismatch Try to insert strings into numeric fields; the error message will show you the data that could not be converted:

'union select 1,1,'text',1,1,1 - -
'union select 1,1,bigint,1,1,1 - -

Blind Injection Use time delays or error signatures to extract information:

if  condition  waitfor  delay  '0:0:5 '  - -
1; union  select if (condition) , 1 , 1 , 1 , ! ;

Evading Detection Mechanisms

One mechanism that can protect databases is an intrusion detection system (IDS). An IDS monitors network and host activity, and some can monitor database applications. IDSs are effective at detecting activities that may indicate an attack.

To evade an IDS, you can use a multitude of techniques, each designed to fool an IDS or to prevent detection by the device. In many cases IDSs use signature-based detection systems, which means that many attacks will seek to avoid resembling known attacks. If an attack matches a known pattern, it will trigger an alert to the administrator.

The most common way to avoid detection is through careful and deliberate manipulation of input strings to thwart matching. Some common ways to do this include:

Sophisticated matching techniques designed to use alternative means of representing queries
Hex coding, or converting queries into their hexadecimal equivalents
Liberal use of whitespace
Use of comments in code to break up statements
Concatenating strings of text to create SQL keywords using database-specific instructions
Obfuscated code, or a SQL statement that has been made difficult to understand

SQL Injection Countermeasures

SQL injection can be one of the hardest attacks to thwart and one of the most powerful to exploit. However, defenses are available to make them less damaging or less likely to occur.

First, one of the most powerful tools to thwart SQL injection is to use validation. For example, if your application expects an e-mail address then the application should not accept data that does not match the format of an e-mail address. Or if it expects numbers, it should not accept symbols or letters. Validation can be performed by whitelisting (or blacklisting) what is (or is not) acceptable to an application.

Some other common defenses against SQL injections include:

Avoid the use of dynamic SQL. These are queries that are built on demand. Dynamic statements are generated from the options and choices made on the client side. Such statements should be avoided in favor of using stored procedures or predefined statements.
Perform maintenance on the server regularly and keep an eye out for software updates and patches.
Intrusion detection systems also play a vital role in protecting these systems much like they do with other network components. In fact some IDSs can monitor interactions at the database layer.
Harden a system to include the operating system and database. Every database has countless options and features, of which only a handful tend to get used regularly. Disabling unneeded features prevents them from being used maliciously. For example, the xp_cmdshell command should always be disabled in a database application unless absolutely necessary.
Exercise least privilege and give the database and the applications that attach to it only the access they need and nothing more.
Ensure that applications are well tested before deployment into production.
Avoid default configurations and passwords.
Disable error messages outside the test and development environments.

Summary

This chapter explored SQL injection attacks and how they function. I discussed these attacks and showed you how to defend against them. You learned that SQL injection is one of the most complex and powerful types of attacks seen today. Attacks designed to use or leverage SQL can be devastating. To carry out such an attack, you need to have knowledge of web applications, databases, and SQL.

SQL Injections can be very complex and dangerous when in the hands of a skilled attacker. With a few lines of code an attacker can easily destroy, delete, or modify data with relative ease. An extra skilled attacker can even send commands directly to the operating system itself performing even more dangerous operations up to and including privilege escalations and the installation of software.

Exam Essentials

Understand the various types of databases. Know the various types of databases, including hierarchical and relational, each of which stores information a little differently.

Know the mechanics of SQL injection. Know the basics of SQL injection attacks and how they work. Know that while different databases may have different syntax and structure, SQL injection attacks have common operating characteristics.

Understand how web applications use databases. Know that many web applications rely on a database in which the application stores its data, configuration, and other information.

Review Questions

Input validation is used to prevent which of the following?
1. Bad input
2. Formatting issues
3. Language issues
4. SQL injection
Web applications are used to _________.
1. Provide dynamic content
2. Stream video
3. Apply scripting
4. Implement security controls
Which of the following challenges can be solved by firewalls?
1. Protection against buffer overflows
2. Protection against scanning
3. Enforcement of privileges
4. Ability to use nonstandard ports
Databases can be a victim of code exploits depending on:
1. Configuration
2. Vendor
3. Patches
4. Client version
In addition to relational databases there is also what kind of database?
1. Hierarchical
2. SQL
3. ODBC
4. Structured
Which of the following is a scripting language?
1. ActiveX
2. Java
3. CGI
4. ASP.NET
_________ is used to audit databases.
1. Ping
2. IPConfig
3. SQLping
4. Traceroute
Browsers do not display _________.
1. ActiveX
2. Hidden fields
3. Java
4. JavaScript
Proper input validation can prevent what from occurring?
1. Client-side issues
2. Operating system exploits
3. SQL injection attacks
4. Software failure
_________ can be used to attack databases.
1. Buffer overflows
2. SQL injection
3. Buffer injection
4. Input validation
Which command can be used to access the command prompt in SQL Server?
1. WHERE
2. SELECT
3. xp_cmdshell
4. cmdshell
Which command is used to query data in SQL Server?
1. cmdshell
2. WHERE
3. SELECT
4. from
Which statement is used to limit data in SQL Server?
1. cmdshell
2. WHERE
3. SELECT
4. to
Which command is used to remove a table from a database?
1. cmdshell −drop table
2. REMOVE
3. DROPTABLES
4. drop table
SQL injection attacks are aimed at which of the following?
1. Web applications
2. Web servers
3. Databases
4. Database engines
Which of the following is another name for a record in a database?
1. Row
2. Column
3. Cell
4. Label
What type of database has its information spread across many disparate systems?
1. Hierarchical
2. Relational
3. Distributed
4. Flat
What type of database uses multiple tables linked together in complex relationships?
1. Hierarchical
2. Relational
3. Distributed
4. Flat
What can an error message tell an attacker?
1. Success of an attack
2. Failure of an attack
3. Structure of a database
4. All of the above
A blind SQL injection attack is used when which of the following is true?
1. Error messages are not available.
2. The database is not SQL compatible.
3. The database is relational.
4. All of the above.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.