Question

Which of the following attack types confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?

1) SQL Injection
2) Cross-Site Scripting (XSS)
3) Cross-Site Request Forgery (CSRF)
4) Error-based SQL Injection

Answer 1

Error-based SQL Injection is an attack type that confirms vulnerabilities by revealing database-specific exceptions or error messages to the end-user or attacker.

Step-by-step explanation:

The attack type that confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker is Error-based SQL Injection.

When an attacker injects a specially crafted SQL query into a vulnerable application, it can cause the application to generate errors revealing information about the database structure or even the data itself. This can give the attacker valuable insights into the system and help them plan further attacks.

For example, if an error message indicates that the application is using a specific database management system, the attacker can tailor their attack techniques accordingly.