Certified Ethical Hacker (CEH v12) — Question 75
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.
Which two SQL injection types would give her the results she is looking for?
Answer options
- A. Out-of-band and boolean-based
- B. Union-based and error-based
- C. Time-based and union-based
- D. Time-based and boolean-based
Correct answer: D
Explanation
The correct answer is D. Time-based and boolean-based SQL injection techniques are designed to evaluate the database's response to true or false queries: the time-based technique through timing, the boolean-based technique through logical evaluation. Out-of-band and union-based methods focus on different aspects of SQL injection and do not directly provide the timing or boolean responses needed for her test.