KEMBAR78
Cyberattacks Assignment | PDF | Sql | Databases
0% found this document useful (0 votes)
11 views2 pages

Cyberattacks Assignment

Uploaded by

sweetwithclips
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
11 views2 pages

Cyberattacks Assignment

Uploaded by

sweetwithclips
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

CYBER ATTACKS

3. Detection of Blind SQL Injection through Time Delays


During a penetration test, it is found that appending "AND SLEEP(5)" to an input field causes the
web application to delay responses by five seconds. What is a blind SQL injection, and how does this
technique help attackers probe the database? Detail how you could detect and remediate blind SQL
injection vulnerabilities in the system.

4. Cross-Database SQL Injection Attacks


Your multi-platform database application integrates with MySQL, PostgreSQL, and MS SQL
databases. During testing, a vulnerability is identified where the input "'; EXEC
xp_cmdshell('whoami') --" executes on the MS SQL database and reveals sensitive OS-level
information. Discuss how SQL injection can vary across databases, the risks of system-level command
execution, and the mitigation strategies for cross-database security.

5. SQL Injection in JSON-Based API Requests


Your web service offers a RESTful API where clients send JSON payloads. However, an attacker finds
that adding SQL code into certain JSON fields retrieves unauthorized data. Explain how SQL injection
can occur in JSON-based APIs, the risks involved, and how you would secure such APIs against
injection attacks.

6. Stored SQL Injection through User Profile Data


A vulnerability has been reported in your social media application: a user can insert SQL commands in
their profile's "About Me" section, which is later executed by an admin user viewing it. How does
stored SQL injection differ from other types, and why is it particularly dangerous? Outline measures
you would implement to prevent stored SQL injection vulnerabilities in user-generated content.

7. Second-Order SQL Injection


Your company has a sign-up form that validates inputs for SQL injection. However, SQL injection
occurs in an internal application that processes user registration data after they sign up. Describe a
second-order SQL injection, how it can go undetected during input validation, and what safeguards you
would establish to protect against it.

8. Privilege Escalation through SQL Injection


A SQL injection vulnerability in a report generation tool allows an attacker to gain admin access to the
database by elevating their privileges. How can SQL injection lead to privilege escalation, and what
potential database and system-level risks could result? Explain the steps needed to prevent
unauthorized privilege escalation.

9. Detecting SQL Injection with WAF (Web Application Firewall)


A user has triggered several alarms on your Web Application Firewall (WAF) by inputting SQL-
specific commands like UNION SELECT and ORDER BY 1. Discuss how a WAF detects SQL
injection attempts, the limitations of WAFs in detecting advanced SQL injection attacks, and the
measures you’d take to complement WAF security.

10. SQL Injection in Stored Procedures


Your team finds a vulnerability in a stored procedure that concatenates user input into a query before
executing it. Explain why stored procedures are generally safer but still vulnerable to SQL injection if
not parameterized. Describe how to write secure stored procedures and prevent SQL injection even
when using database-side code.

You might also like