Answers can be found at http://mdsec.net/wahh.
- You are trying to exploit a SQL injection flaw by performing a UNION attack to retrieve data. You do not know how many columns the original query returns. How can you find this out?
- You have located a SQL injection vulnerability in a string parameter. You believe the database is either MS-SQL or Oracle, but you can't retrieve any data or an error message to confirm which database is running. How can you find this out?
- You have submitted a single quotation mark at numerous locations throughout the application. From the resulting error messages you have diagnosed several potential SQL injection flaws. Which one of the following would be the safest location to test whether more crafted input has an effect on the application's processing?
  - (a) Registering a new user
  - (b) Updating your personal details
  - (c) Unsubscribing from the service
- You have found a SQL injection vulnerability in a login function, and you try to use the input ' or 1=1-- to bypass the login. Your attack fails, and the resulting error message indicates that the -- characters are being stripped by the application's input filters. How could you circumvent this problem?
- You have found a SQL injection vulnerability but have been unable to carry out any useful attacks, because the application rejects any input containing whitespace. How can you work around this restriction?
- The application is doubling up all single quotation marks within user input before these ...