SQL INJECTION FUNDAMENTALS 3-MySQL Flashcards
(40 cards)
What is the primary function of a database in a web application?
- A. Store static HTML pages
- B. Store and retrieve data related to the web application
- C. Host the web application
- D. Manage user sessions
Correct Answer: B. Store and retrieve data related to the web application
Explanation: Databases in web applications are used to store and retrieve various types of data, including web content and user information.
What is SQL injection (SQLi)?
- A. A method to enhance database performance
- B. An attack that allows users to execute unintended SQL queries
- C. A technique for data backup
- D. A process to encrypt database queries
Correct Answer: B. An attack that allows users to execute unintended SQL queries
Explanation: SQL injection is a security vulnerability that allows attackers to interfere with the queries an application makes to its database.
Which of the following is NOT a type of injection vulnerability?
- A. HTTP injection
- B. Code injection
- C. Command injection
- D. Data injection
Correct Answer: D. Data injection
Explanation: Data injection is not commonly listed as a type of injection vulnerability, unlike HTTP, code, and command injection.
What is a common method attackers use to exploit SQL injection vulnerabilities?
- A. Encrypting SQL queries
- B. Injecting a single quote (')
- C. Using secure coding practices
- D. Validating user input
Correct Answer: B. Injecting a single quote (')
Explanation: Attackers often use single quotes to manipulate the SQL query structure.
What can be a significant impact of a successful SQL injection attack?
- A. Improved website performance
- B. Enhanced user experience
- C. Data breaches and unauthorized access
- D. Better database organization
Correct Answer: C. Data breaches and unauthorized access
Explanation: SQL injections can lead to unauthorized access to sensitive data and potential data breaches.
How can SQL injection attacks be prevented?
- A. By using weak passwords
- B. By allowing direct database access
- C. Through user input sanitization and validation
- D. By disabling database backups
Correct Answer: C. Through user input sanitization and validation
Explanation: Properly sanitizing and validating user inputs can prevent SQL injection vulnerabilities.
What is the purpose of the UNION clause in SQL injection?
- A. To enhance database security
- B. To combine the results of multiple queries
- C. To encrypt database tables
- D. To delete database records
Correct Answer: B. To combine the results of multiple queries
Explanation: The UNION clause allows an attacker to combine results from multiple queries in SQL injection.
What type of information can be retrieved through SQL injection?
- A. Publicly available information
- B. Sensitive information like user logins and credit card details
- C. HTML content
- D. CSS styles
Correct Answer: B. Sensitive information like user logins and credit card details
Explanation: SQL injections can expose sensitive information stored in the database.
What are stacked queries in the context of SQL injection?
- A. Queries that are encrypted
- B. Multiple SQL statements executed in one go
- C. Queries that enhance database performance
- D. Queries that prevent SQL injection
Correct Answer: B. Multiple SQL statements executed in one go
Explanation: Stacked queries allow multiple SQL commands to be executed in a single query, which can be exploited in SQL injection attacks.
Why is user input validation important in preventing SQL injection?
- A. It improves database performance
- B. It ensures only intended data is processed
- C. It simplifies database queries
- D. It enhances the user interface
Correct Answer: B. It ensures only intended data is processed
Explanation: Validating user input ensures that only appropriate and safe data is processed by the database, preventing malicious inputs.
What is the primary function of a relational database in a web application?
- A. To store and serve static content like HTML and CSS files
- B. To host the web application on a remote server
- C. To manage and organize dynamic data related to the application
- D. To provide real-time analytics and data visualization
Correct Answer: C. To manage and organize dynamic data related to the application
Explanation: Relational databases are used to store, organize, and manage dynamic data that is crucial for the functioning of web applications.
What distinguishes SQL injection from other types of injection attacks?
- A. It targets web applications using client-side scripts
- B. It manipulates the SQL queries executed by the database
- C. It exploits vulnerabilities in the server operating system
- D. It affects only non-relational databases
Correct Answer: B. It manipulates the SQL queries executed by the database
Explanation: SQL injection specifically involves manipulating the SQL queries made to the database, allowing attackers to execute unintended commands.
In the context of relational databases, what is the role of a primary key?
- A. To encrypt sensitive data in the table
- B. To uniquely identify each record in the table
- C. To link multiple databases together
- D. To provide default values for columns
Correct Answer: B. To uniquely identify each record in the table
Explanation: A primary key uniquely identifies each record in a table, ensuring that each entry is distinct and can be referenced individually.
How can an attacker use the UNION clause in a SQL injection attack?
- A. To drop database tables
- B. To combine results from multiple queries into a single result set
- C. To execute server-side scripts
- D. To encrypt the database schema
Correct Answer: B. To combine results from multiple queries into a single result set
Explanation: The UNION clause in SQL can be exploited to combine the results of multiple queries, potentially revealing unintended data.