Attempting to inject 50 alphanumeric key strokes including spaces into an application input field
that only expects four alpha characters in considered which of the following attacks?
A.
XML injection
B.
Buffer overflow
C.
LDAP Injection
D.
SQL injection
XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application.
Correct answer? B. Buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations. A buffer overflow occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking.
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
0
0
itcrowd is right.
1. We did not see any SQL code on this question.
2. This question did not mention the keyword “database” or “database server”.
3. I go over more examples on the book and compare other exam questions, the answer is “Buffer overflow”.
1
0
I concur. Buffer overflow is the only possibility.
0
0
Buffer overflow is correct.
0
0
Maybe it is SQL injection as it mentions the space key stroke, too, which is widely used in SQL commands. While in buffer overflow it should be provided a single long word without spaces.
0
0
the space key is char too
0
0