Test a login form for Time-based Blind SQL injection. Which payload should you use?

' AND IF(1=0, SLEEPP(5), 0); --

' UNION SELECT username, password FROM users; --

What does SQL Injection to RCE rely on?

Executing operating system commands via database queries

Injecting scripts into the application

You discover that a SQL injection vulnerability allows you to execute xp_cmdshell. Which command can be used to escalate this to RCE?

xp_cmdshell 'net user /add hacker';

Secure Script Template Injection

Secure Server Template Injection

What is JWT used for?

User authentication and authorization

A JWT contains the algorithm none. How can this be exploited?

By tampering with the payload without invalidating the token

What is the primary reason SSTI can lead to RCE?

Template engines evaluating untrusted user input

You identify a Jinja2 SSTI vulnerability. The payload {"".__class__.__mro__[1].__subclasses__()} retrieves classes. How can this escalate to RCE?

Access to OS-level commands via specific subclasses

How can a compromised secret key affect JWT?

It leads to SQL injection vulnerabilities.

It automatically logs out all users.

What is insecure deserialization?

A vulnerability where serialized objects can be manipulated to execute malicious code

Injecting SQL commands into an application

Exploiting SSTI vulnerabilities

You identify an object serialized in Base64. How would you test for insecure deserialization?

Decode the object, modify it, re-encode, and send it

Brute-force the serialization key

Execute a SQL injection payload

Replace it with an empty string

You find an application using Java serialization. Which of the following payloads could lead to RCE?

A malicious serialized object created via ysoserial

What does SSRF stand for?

Server-Side Reverse Functionality

Server Secure Response Function

What is a common use case of SSRF exploitation?

Accessing internal network resources

You find an SSRF vulnerability in an image upload feature that fetches external resources. How can it be exploited?

By directing the request to an internal server

By executing a stored XSS payload

What payload would you use to attempt an SSRF attack targeting metadata in AWS?

http://169.254.169.254/latest/meta-data/

You identify a vulnerable SSRF endpoint. How can you test it for internal port scanning?

Redirect requests to different ports on the internal server

Inject alert(1) into the request.

What is XPATH injection?

Exploiting vulnerabilities in XML path queries

Which of the following payloads can test for XPATH injection?

'] | //user[username/text()='admin']

What is a race condition?

A vulnerability caused by improperly managed concurrent access

Which of the following scenarios could lead to a race condition?

Simultaneous withdrawals from the same account

Insufficient password complexity

You exploit a race condition by sending multiple requests to reset a password. What is the result?

Password overwritten by the last request

What does API stand for?

Application Programming Interface

Automated Programming Integration

Application Process Integration

What is the purpose of an API?

Allowing applications to interact programmatically

Which issue ranks as the highest risk in the OWASP API Top 10?

Broken object level authorization

There is a secure website running at https://jupiter.challenges.picoctf.org/problem/29132/ ( link ) Try to see if you can log in as admin! Hint - It seems like the password is encrypted.

picoCTF{3v3n_m0r3_SQL_ef7eac2f}

WAPT 2 - Up to API

Authored by Nafish Alam

Computers

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following SQL injection types uses the same communication channel to retrieve data?

Blind SQL Injection

In-band SQL Injection

Out-of-Band SQL Injection

Error-Based SQL Injection

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which payload will exploit an In-band SQL injection in a login form?

' OR '1'='1; --

alert(1)

' AND 1=2; --

../etc/passwd

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You intercept the following query: SELECT * FROM users WHERE username = '$user' AND password = '$pass'; What payload can you use to bypass authentication using In-band SQL injection?

' OR '1'='1; --

'; DROP TABLE users;

../etc/passwd

alert('Hack')

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which technique can be used to test for Blind SQL injection?

Boolean-based testing

Error-based testing

Time-based testing

Code injection

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

If the payload 1 AND 1=1 returns a result while 1 AND 1=2 does not, what does it indicate?

The application is vulnerable to Time-based SQL injection

The application is vulnerable to Boolean-based Blind SQL injection

The application is secure

None of the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You send the payload: ' AND SLEEP(5); -- The response takes 5 seconds to load. What does this confirm?

Boolean-based Blind SQL injection

Error-based SQL injection

Time-based Blind SQL injection

Reflected XSS

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What type of Blind SQL injection is being tested when no error is returned, but delays occur?

Boolean-based

Time-based

In-band

Error-based

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

49 questions

ACWM Bloque III

Quiz

•

12th Grade

50 questions

SAS Basisdata XII

Quiz

•

12th Grade

50 questions

Quiz PHP dan Server-Side Scripting

Quiz

•

12th Grade

54 questions

Introduzione_ai_Database

Quiz

•

12th Grade

55 questions

Uji Kompetesi

Quiz

•

1st - 12th Grade

55 questions

IT Specialist HTML5 Application Development - Practice 1

Quiz

•

12th Grade

50 questions

US Kelas XII Jaringan, Komputer SMK Samudera Bandar Lampung

Quiz

•

12th Grade

52 questions

UTS PSIT 2024

Quiz

•

12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade

57 questions

[AP CSP] Unit 5 Review: Internet & Cybersecurity

Quiz

•

9th - 12th Grade

WAPT 2 - Up to API

Which of the following SQL injection types uses the same communication channel to retrieve data?

Which payload will exploit an In-band SQL injection in a login form?

You intercept the following query: SELECT * FROM users WHERE username = '$user' AND password = '$pass'; What payload can you use to bypass authentication using In-band SQL injection?

Which technique can be used to test for Blind SQL injection?

If the payload 1 AND 1=1 returns a result while 1 AND 1=2 does not, what does it indicate?

You send the payload: ' AND SLEEP(5); -- The response takes 5 seconds to load. What does this confirm?

What type of Blind SQL injection is being tested when no error is returned, but delays occur?

Which payload is used for Time-based Blind SQL injection?

Test a login form for Time-based Blind SQL injection. Which payload should you use?

What does SQL Injection to RCE rely on?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers