This entry appeared in the log of a server. Message: Access denied with code 403 (phase 2). Pattern match "union.{1,100}?select" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag"WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] Action: Intercepted (phase 2 ) Apache-Handler: php5-script What type of attack has been attempted?

A. integer overflow
B. SQL injection
C. buffer overflow
D. port scan

B
Explanation: The section in the log message [data "union all select"] indicates that the union command was used, which can be used to access across tables. UNION-based attacks allow the tester to easily extract information from the database unless it is caught as in this example.

Computer Science & Information Technology

You might also like to view...

It is not necessary to resize or format the Excel worksheet while you are creating your chart in PowerPoint

Indicate whether the statement is true or false

View
Computer Science & Information Technology

The ________mobile app from EJM Digital was designed for law enforcement investigators to capture information in the field. The app can create an investigator's report, facilitate note-taking, take photos, and make audio recordings (up to 60 seconds)

Fill in the blank(s) with the appropriate word(s).

View
Computer Science & Information Technology

cin is:

a) an object b) a command c) a class d) a variable

View
Computer Science & Information Technology

_________ in a computer system is organized as a linear, or one-dimensional, address space, consisting of a sequence of bytes or words.

Fill in the blank(s) with the appropriate word(s).

View
Computer Science & Information Technology