Eccouncil Exam 312-50 Topic 1 Question 76 Discussion

Actual exam question for Eccouncil's 312-50 exam

Question #: 76
Topic #: 1

In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with y columns. Each table contains z1 records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include UNION SELECT' statements and 'DBMS_XSLPPOCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted E=xyz'u'. Assuming 'x=4\ y=2\ and varying z' and 'u\ which situation is likely to result in the highest extracted data volume?

Az=400. u=4: The attacker constructs A SQLpayloads, each focusing on tables with 400 records, influencing all columns of all tables

Bz=550, u=Z Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables

Cz=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables

DAz=500. u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables
Explanation:
The total data extracted by the attacker is E=xyz'u', where x is the number of tables, y is the number of columns, z is the number of records, and u is the number of SQL payloads. To maximize E, the attacker would want to choose the highest values of z and u, while keeping x and y constant. Therefore, the situation where z=600 and u=2 would result in the highest extracted data volume, as E=42600*2=9600. The other situations would result in lower values of E, as shown below:
A: E=42400*4=12800
B: E=42550*2=8800
D: E=42500*3=12000
The attacker uses UNION SELECT statements to combine the results from different tables and columns, and DBMS_XSLPPOCESSOR.READ2CLOB to read sensitive files from the database server12.These techniques can bypass input validation and pattern matching measures that are based on the application's responses3.

Show Suggested Answer

Suggested Answer: B

by Amie at Feb 14, 2024, 12:52 AM

Limited Time Offer

25%

16 days ago

I think option C is the best choice because it maximizes the data extraction.

upvoted 0 times

...