3 votes
While reviewing his Apache logs, Charles discovers the following entry. What has occurred?

- - [27/Jun/2017:11:42:22 -0500] "GET / ?searchterm=stuff&%20lid=1%20UNION%20SELECT%200,username,user_id,password,name,%20email,%20FROM%20users HTTP/1.1" 200 9918 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

A. A successful database query
B. A PHP overflow attack
C. A SQL injection attack
D. An unsuccessful database query

User Eyad Bereh
by
9.6k points

1 Answer

3 votes

Final answer:

The log entry suggests that a SQL injection attack has occurred, indicated by the UNION SELECT statement within the URL, and the server's successful response code of 200. (option C)

Step-by-step explanation:

When Charles reviews his Apache logs and sees the entry with 'GET / ? searchterm=stuff&%20lid=1%20UNION%20SELECT%20...', it suggests that a SQL injection attack has occurred. This type of attack involves inserting or 'injecting' a SQL query via the input data from the client to the application. A successful attack can lead to unauthorized access to database information, which includes sensitive data such as usernames and passwords.

In the log entry, the UNION SELECT statement is a common SQL injection technique used to combine results from multiple select statements into a single result. Since the server response code is 200, which indicates success, it appears that the injection may have been successful, allowing the attacker to potentially extract sensitive information from the database.

User Oleg Imanilov
by
9.4k points
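
The following is an added example, not part of the original question or answer: a small detector that parses Apache combined-format log lines, URL-decodes the query string (repeatedly, to catch double encoding) and flags UNION SELECT payloads like the one in the entry above. The sample log lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Apache combined format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Matched only after decoding, so %20 / + / %2520 separators are all covered.
UNION_RE = re.compile(r'\bunion\s+(?:all\s+)?select\b', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """URL-decode until stable (bounded), e.g. %2520 -> %20 -> space."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per request whose query string carries UNION SELECT."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or '?' not in m['target']:
            continue
        query = decode_fully(m['target'].split('?', 1)[1])
        hit = UNION_RE.search(query)
        if hit:
            # Status and size are kept for triage: compare the size with normal
            # responses for the same page; a 200 alone does not show rows came back.
            findings.append({'host': m['host'], 'time': m['time'],
                             'status': int(m['status']), 'size': m['size'],
                             'payload': query[hit.start():]})
    return findings

# Constructed sample lines (modelled on the entry in the question).
SAMPLE = [
    '192.0.2.10 - - [27/Jun/2017:11:40:01 -0500] "GET /?searchterm=stuff&lid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [27/Jun/2017:11:42:22 -0500] "GET /?searchterm=stuff&lid=1%20UNION%20SELECT%200,username,user_id,password,name,email%20FROM%20users HTTP/1.1" 200 9918 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [27/Jun/2017:11:42:30 -0500] "GET /?searchterm=x&lid=1%2520union%2520all%2520select%2520null,null HTTP/1.1" 500 312 "-" "Mozilla/4.0"',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```
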