EC-Council Certified Security Analyst (ECSA v10) — Question 14

Veronica, a penetration tester at a top MNC company, is trying to breach the company's database as a part of SQLi penetration testing. She began to use the
SQLi techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements.
Which of the following SQLi techniques was used to attack the database?

Answer options

• A. Function call injection
• B. File inclusion
• C. Buffer Overflow
• D. Code injection

Correct answer: A

Explanation

The correct answer is A, Function call injection, as this technique involves injecting function calls into SQL statements to manipulate database execution. Options B (File inclusion), C (Buffer Overflow), and D (Code injection) do not specifically relate to the insertion of SQL commands and execution within the context of database queries.