Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?

A.
Jimmy can submit user input that executes an operating system command to compromise a target system

B.
Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system

C.
Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database

D.
Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access

Explanation:
SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.