"},"suggestedAnswer":[{"@type":"Answer","text":"' OR 1=1--"},{"@type":"Answer","text":"../../../../etc/passwd"},{"@type":"Answer","text":"SLEEP(5)"}]},{"@type":"Question","position":6,"name":"What is the purpose of using 'nikto' during a web application penetration test?","acceptedAnswer":{"@type":"Answer","text":"Scan for known web server vulnerabilities and misconfigurations"},"suggestedAnswer":[{"@type":"Answer","text":"Crack web application passwords"},{"@type":"Answer","text":"Intercept and modify HTTP requests"},{"@type":"Answer","text":"Fuzz input fields for SQL injection"}]},{"@type":"Question","position":7,"name":"An attacker discovers a web shell at /uploads/shell.php and sends a GET request with '?cmd=id'. What does this confirm?","acceptedAnswer":{"@type":"Answer","text":"Remote code execution through the uploaded shell is successful"},"suggestedAnswer":[{"@type":"Answer","text":"The target is vulnerable to SQL injection"},{"@type":"Answer","text":"The server is running Windows IIS"},{"@type":"Answer","text":"The attacker has root privileges"}]}]}
Practice Test Geeks home

OSCP Web Application Attacks 3

In a UNION-based SQL injection attack, what must be true about the injected SELECT statement?

Select your answer