Certified Ethical Hacker (CEH v12) — Question 276

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Answer options

• A. Union SQL injection
• B. Error-based injection
• C. Blind SQL injection
• D. Boolean-based blind SQL injection

Correct answer: A

Explanation

The correct answer, Union SQL injection, allows an attacker to combine the results of the original query with additional queries, effectively extending the data returned. The other options, such as Error-based and Blind SQL injection, do not enable the execution of multiple statements in the same way, focusing instead on exploiting errors or lack of response.