EC-Council Certified Security Analyst (ECSA v10) — Question 7

James, a penetration tester, found a SQL injection vulnerability in the website http://www.xsecurity.com. He used sqlmap and extracted the website's databases from the sql server, one of them being `offices.` Which among the following sqlmap queries does James issue in order to extract the tables related to the database
`offices`?

Answer options

• A. sqlmap -u ג€www.xsecurity.comג€ --dbs offices -T
• B. sqlmap -u ג€www.xsecurity.comג€ --dbs offices --T
• C. sqlmap -u ג€www.xsecurity.comג€ --dbs offices -tables
• D. sqlmap -u ג€www.xsecurity.comג€ --dbs offices --tables

Correct answer: D

Explanation

The correct command is D because it properly uses the --tables flag to list the tables in the specified database. Option A and B incorrectly use -T and --T, which are not valid for this command. Option C mistakenly uses -tables, which is also not a correct flag.