New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

The SecOps Group CAP Exam - Topic 16 Question 101 Discussion

Actual exam question for The SecOps Group's CAP exam
Question #: 101
Topic #: 16
[All CAP Questions]

Which SQL function can be used to read the contents of a file during manual exploitation of the SQL injection vulnerability in a MySQL database?

Show Suggested Answer Hide Answer
Suggested Answer: B

SQL injection vulnerabilities allow attackers to manipulate database queries, potentially accessing unauthorized data, including file contents, if the database supports such operations. In MySQL, the LOAD_FILE() function is specifically designed to read the contents of a file on the server where the database is hosted, provided the file exists, the database user has appropriate privileges (e.g., FILE privilege), and the file is readable. For example, SELECT LOAD_FILE('/etc/passwd') could extract the contents of the /etc/passwd file if exploitable.

Option A ('READ_FILE()'): This is not a valid MySQL function.

Option B ('LOAD_FILE()'): This is the correct function for reading file contents in MySQL, making it the right choice for exploitation.

Option C ('FETCH_FILE()'): This is not a recognized MySQL function.

Option D ('GET_FILE()'): This is also not a valid MySQL function.

The correct answer is B, aligning with the CAP syllabus under 'SQL Injection' and 'Database Security.'


by Agustin at Nov 25, 2025, 12:40 AM

Limited Time Offer

25%

Off

Get Premium CAP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lynsey
16 hours ago
Ah, the good old LOAD_FILE() function. Brings back memories of my early days in the cybersecurity world.
upvoted 0 times
...
Shad
6 days ago
The LOAD_FILE() function is the way to go. It's a classic SQL injection technique that every aspiring hacker should know.
upvoted 0 times
...
Eleni
11 days ago
Haha, I remember the first time I used LOAD_FILE() to read a sensitive file. The look on the admin's face was priceless!
upvoted 0 times
...
Aide
16 days ago
I've used the LOAD_FILE() function before in my penetration testing. It's a powerful tool for exploiting SQL injection vulnerabilities.
upvoted 0 times
...
Gennie
21 days ago
The LOAD_FILE() function is the correct answer. It allows you to read the contents of a file during SQL injection attacks.
upvoted 0 times
...
Krystina
26 days ago
I’m leaning towards LOAD_FILE() too, but I wonder if there are any restrictions on file paths that could affect it.
upvoted 0 times
...
Dominque
1 month ago
I feel like READ_FILE() might be a trick option, but I can't recall if it actually exists in MySQL.
upvoted 0 times
...
Lettie
1 month ago
I remember practicing with a similar question, and LOAD_FILE() was definitely the function we focused on.
upvoted 0 times
...
Shay
1 month ago
I think it's LOAD_FILE(), but I’m not entirely sure if it works in all MySQL versions.
upvoted 0 times
...
Tonja
2 months ago
LOAD_FILE(), that's definitely the one. I remember learning about that in our security module. It's the go-to function for reading files during a manual SQL injection exploit.
upvoted 0 times
...
Aleisha
2 months ago
Ugh, I hate these SQL injection questions. They're so specific and tricky. I'm going to have to really think this through to make sure I get the right function name.
upvoted 0 times
...
Fletcher
2 months ago
Okay, I've seen this before. I'm pretty confident the answer is LOAD_FILE(). That's the SQL function that lets you read arbitrary files on the server during an injection attack.
upvoted 0 times
...
Malcom
2 months ago
I think it's B) LOAD_FILE(). Seems right for file access.
upvoted 0 times
...
Kelvin
2 months ago
I thought it was A) READ_FILE() at first.
upvoted 0 times
...
Nikita
2 months ago
It's definitely B) LOAD_FILE()!
upvoted 0 times
...
Shaquana
3 months ago
I'm not totally sure about this one. I know there's a function to read files, but I can't remember the exact name. I'll have to think this through carefully.
upvoted 0 times
...
Dino
3 months ago
Hmm, I think the LOAD_FILE() function is the one we're looking for here. That's the standard way to read file contents in a MySQL injection attack, right?
upvoted 0 times
Doyle
3 months ago
Makes sense, especially for reading files.
upvoted 0 times
...
Michel
3 months ago
I agree, LOAD_FILE() is definitely the right choice.
upvoted 0 times
...
...

Save Cancel