CompTIA PenTest+ (PT0-002) — Question 403
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.
Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
Answer options
- A. SQLmap
- B. Nessus
- C. Nikto
- D. DirBuster
Correct answer: A
Explanation
SQLmap is built specifically to detect and exploit SQL injection vulnerabilities in web applications. The URL exposes a query-string parameter (id=123987) of the kind that is commonly passed into a database query, which makes SQLmap the most suitable tool to run against it. Nessus is a general vulnerability scanner, Nikto focuses on web server vulnerabilities, and DirBuster is used for directory brute-forcing; none of these is tailored for SQL injection testing.