Certified Ethical Hacker (CEH v13) — Question 203
While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability. The application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?
Answer options
- A. UNION SQL Injection
- B. Error-based SQL Injection
- C. In-band SQL Injection
- D. Blind/Inferential SQL Injection
Correct answer: B
Explanation
The ethical hacker is likely to use Error-based SQL Injection because the detailed error messages reveal the database structure, which allows for targeted exploitation. Other options, such as UNION SQL Injection and In-band SQL Injection, do not specifically leverage error messages for information gathering, while Blind/Inferential SQL Injection relies on different techniques that do not use error feedback.