Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
A. DataThief
B. NetCat
C. Cain and Abel
D. SQLInjector
EC-Council Certified Ethical Hacker v11Free dumps for 312-50v11 in Printable PDF format.High quality PDF and software. VALID exam to help you pass. |
 |
|
Download Printable PDF. VALID exam to help you PASS. |
|
I think A is the correct answers. Explanation:
Data Thief is a ‘proof-on-concept’ tool used to demonstrate to web administrators and developers how easy it is to steal data from a web application that is vulnerable to SQL Injection. Data Thief is designed to retrieve the data from a Microsoft SQL Server back-end behind a web application with a SQL Injection vulnerability. Once a SQL Injection vulnerability is identified, Data Thief does all the work of listing the linked severs, laying out the database schema, and actually selecting the data from a table in the application.
https://securiteam.com/tools/5hp0w009po/
A:
https://www.skillset.com/questions/which-tool-is-used-to-automate-sql-injections-and-exploit-a-database-by-forcing-a-given-web-applicat
Should be D
SQL inj3ctor
A is correct. DataThief connects to a remote database and dumps tables etc.
SQLInjection only performs SQLis.
I’m not sure about the answer, as you say, “DataThief connects to a remote database and dumps tables”. So, DataThief creates a new database and dump the tables.
The question is: “forcing a given web application to connect to another database controlled by a hacker” so you need to be able to modify the application database connection… maybe you can use nc to redirect the traffic of server to your own database instead of application database