Certified Ethical Hacker (CEH v13) — Question 222

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Answer options

• A. Union SQL injection
• B. Error-based injection
• C. Blind SQL injection
• D. Boolean-based blind SQL injection

Correct answer: A

Explanation

A Union SQL injection is designed to combine the results of the original query with additional results, allowing multiple statements to be executed if they share the same structure. The other options—Error-based, Blind, and Boolean-based blind SQL injections—do not enable this type of result expansion and focus on different methods of extracting data or confirming the existence of data without altering the query structure.