CompTIA PenTest+ (PT0-002) — Question 75

A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:

1;SELECT Username, Password FROM Users;

Which of the following injection attacks is the penetration tester using?

Answer options

Correct answer: C

Explanation

The correct answer is C, Stacked queries, because the input uses a semicolon to end the first statement and append a second one, so multiple SQL statements are executed in a single request. The other options, such as Blind SQL and Error-based, do not specifically refer to the use of multiple statements, while Boolean SQL focuses on conditional responses rather than executing stacked queries.