CompTIA PenTest+ (PT0-002) — Question 300
While a penetration tester conducts a web application assessment, the following URL is accessed:
http://comptia.com/index.php?id=1%20ORR%2022-7%3d10
Which of the following exploit types is being attempted?
Answer options
- A. XML injection
- B. SQL injection
- C. Session hijacking
- D. Buffer overflow
Correct answer: B
Explanation
The correct answer is B, SQL injection. The id parameter carries URL-encoded input (%20 is a space and %3d is an equals sign) that appends SQL syntax to the value 1, attempting to manipulate the database query by using logical operators. The other options (XML injection, session hijacking, and buffer overflow) do not match the characteristics of the attack reflected in the URL.