CompTIA PenTest+ (PT0-002) — Question 171

A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?

Answer options

• A. SQL injection
• B. HTML injection
• C. Remote command injection
• D. DLL injection

Correct answer: A

Explanation

The presence of 'WAITFOR' in the input suggests an SQL injection attempt, as this command is often used in SQL databases to delay execution and can indicate an attacker is trying to manipulate SQL queries. HTML injection does not involve SQL commands, while remote command and DLL injection refer to different types of vulnerabilities unrelated to SQL databases.