A security analyst reviews an Apache access log entry: 192.168.1.5 - - [10/Jan/2024:08:12:35 +0000] "GET /index.php?id=1 UNION SELECT username,password FROM users-- HTTP/1.1" 200 4321 "-" "Mozilla/5.0". What type of attack is MOST likely indicated?
Trap 1: Cross-site scripting (XSS)
XSS would involve script tags, not SQL UNION statements.
Trap 2: Path traversal
Path traversal would use ../ patterns, not SQL syntax.
Trap 3: Remote file inclusion
RFI would show http:// or ftp:// in the parameter, not SQL.
- A
Cross-site scripting (XSS)
Why wrong: XSS would involve script tags, not SQL UNION statements.
- B
Path traversal
Why wrong: Path traversal would use ../ patterns, not SQL syntax.
- C
Remote file inclusion
Why wrong: RFI would show http:// or ftp:// in the parameter, not SQL.
- D
SQL injection
The UNION SELECT clause indicates an attempt to extract data from the database.