Computer Hacking Forensic Investigator (CHFI v10) — Question 562

After an SQL Injection attack, an investigator is examining a log entry in an IIS log from a Windows-based server. The investigator notices a suspicious GET request: Id=ORD-001%27%20or%201=1;--. What can the investigator infer from this decoded query in the investigation?

Answer options

• A. The attack has attempted to extract database and table names
• B. The attack was made from a Linux machine
• C. The attack has bypassed authentication to access sensitive data from the database
• D. The attack is trying to retrieve the number of columns that are vulnerable to attack

Correct answer: C

Explanation

The correct answer is C because the presence of 'or 1=1' in the SQL query indicates an attempt to bypass authentication mechanisms to gain unauthorized access to data. Option A is incorrect as the query does not specifically extract database or table names, B is incorrect because the log does not provide information about the operating system of the attacker, and D is incorrect since the query does not focus on identifying vulnerable columns.