Certified Ethical Hacker (CEH v11) — Question 187
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?
Answer options
- A. In-band SQLi
- B. Union-based SQLi
- C. Out-of-band SQLi
- D. Time-based blind SQLi
Correct answer: C
Explanation
The correct answer is Out-of-band SQLi, because it uses the database server's ability to make DNS requests to send data to an attacker. In-band SQLi refers to attacks in which data is retrieved over the same channel used for the injection. Union-based SQLi is a type of in-band attack that combines the results of multiple queries, while Time-based blind SQLi relies on the database's response time to infer information.