Virtual Labs

Tools

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Contributors

Feedback

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Contributors

Feedback

SQL Injection Attack Simulation and Mitigation Techniques

Choose difficulty:

Beginner

Intermediate

Advanced

What is the primary technical cause of a SQL Injection vulnerability?

a: Using a database that doesn't support encryption. Explanation

Explanation

b: Directly concatenating user input into SQL query strings. Explanation

Explanation

c: Failing to use a firewall. Explanation

Explanation

d: Storing passwords in plain text. Explanation

Explanation

How does a tautology-based attack like ' OR '1'='1 work?

a: It crashes the database server. Explanation

Explanation

b: It encrypts the database records. Explanation

Explanation

c: It makes the WHERE clause always evaluate to true, bypassing authorization checks. Explanation

Explanation

d: It deletes all users from the database. Explanation

Explanation

What is the purpose of using '--' in a SQL injection payload?

a: To increment a numerical value. Explanation

Explanation

b: To start a new SQL command. Explanation

Explanation

c: To comment out the rest of the original query, ignoring subsequent checks. Explanation

Explanation

d: To escape special characters. Explanation

Explanation

Which of the following query structures is most likely vulnerable to SQL Injection?

a: SELECT * FROM users WHERE id = ? Explanation

Explanation

b: db.execute('SELECT * FROM products WHERE category = $1', [cat]) Explanation

Explanation

c: const q = 'SELECT * FROM items WHERE name = ' + itemName; Explanation

Explanation

d: Executing a stored procedure with safe parameters. Explanation

Explanation

Community Links Sakshat Portal Outreach Portal FAQ: Virtual Labs

AGPL 3.0 & Creative Commons (CC BY-NC-SA 4.0)