Test a login form for Time-based Blind SQL injection. Which payload should you use?

' AND IF(1=0, SLEEPP(5), 0); --

' UNION SELECT username, password FROM users; --

What does SQL Injection to RCE rely on?

Executing operating system commands via database queries

Injecting scripts into the application

You discover that a SQL injection vulnerability allows you to execute xp_cmdshell. Which command can be used to escalate this to RCE?

xp_cmdshell 'net user /add hacker';

Secure Script Template Injection

Secure Server Template Injection

What is JWT used for?

User authentication and authorization

A JWT contains the algorithm none. How can this be exploited?

By tampering with the payload without invalidating the token

What is the primary reason SSTI can lead to RCE?

Template engines evaluating untrusted user input

You identify a Jinja2 SSTI vulnerability. The payload {"".__class__.__mro__[1].__subclasses__()} retrieves classes. How can this escalate to RCE?

Access to OS-level commands via specific subclasses

How can a compromised secret key affect JWT?

It leads to SQL injection vulnerabilities.

It automatically logs out all users.

What is insecure deserialization?

A vulnerability where serialized objects can be manipulated to execute malicious code

Injecting SQL commands into an application

Exploiting SSTI vulnerabilities

You identify an object serialized in Base64. How would you test for insecure deserialization?

Decode the object, modify it, re-encode, and send it

Brute-force the serialization key

Execute a SQL injection payload

Replace it with an empty string

You find an application using Java serialization. Which of the following payloads could lead to RCE?

A malicious serialized object created via ysoserial

What does SSRF stand for?

Server-Side Reverse Functionality

Server Secure Response Function

What is a common use case of SSRF exploitation?

Accessing internal network resources

You find an SSRF vulnerability in an image upload feature that fetches external resources. How can it be exploited?

By directing the request to an internal server

By executing a stored XSS payload

What payload would you use to attempt an SSRF attack targeting metadata in AWS?

http://169.254.169.254/latest/meta-data/

You identify a vulnerable SSRF endpoint. How can you test it for internal port scanning?

Redirect requests to different ports on the internal server

Inject alert(1) into the request.

What is XPATH injection?

Exploiting vulnerabilities in XML path queries

Which of the following payloads can test for XPATH injection?

'] | //user[username/text()='admin']

What is a race condition?

A vulnerability caused by improperly managed concurrent access

Which of the following scenarios could lead to a race condition?

Simultaneous withdrawals from the same account

Insufficient password complexity

You exploit a race condition by sending multiple requests to reset a password. What is the result?

Password overwritten by the last request

What does API stand for?

Application Programming Interface

Automated Programming Integration

Application Process Integration

What is the purpose of an API?

Allowing applications to interact programmatically

Which issue ranks as the highest risk in the OWASP API Top 10?

Broken object level authorization

There is a secure website running at https://jupiter.challenges.picoctf.org/problem/29132/ ( link ) Try to see if you can log in as admin! Hint - It seems like the password is encrypted.

picoCTF{3v3n_m0r3_SQL_ef7eac2f}

WAPT 2 - Up to API Quiz

50 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following SQL injection types uses the same communication channel to retrieve data?

Blind SQL Injection

In-band SQL Injection

Out-of-Band SQL Injection

Error-Based SQL Injection

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which payload will exploit an In-band SQL injection in a login form?

' OR '1'='1; --

alert(1)

' AND 1=2; --

../etc/passwd

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You intercept the following query: SELECT * FROM users WHERE username = '$user' AND password = '$pass'; What payload can you use to bypass authentication using In-band SQL injection?

' OR '1'='1; --

'; DROP TABLE users;

../etc/passwd

alert('Hack')

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which technique can be used to test for Blind SQL injection?

Boolean-based testing

Error-based testing

Time-based testing

Code injection

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

If the payload 1 AND 1=1 returns a result while 1 AND 1=2 does not, what does it indicate?

The application is vulnerable to Time-based SQL injection

The application is vulnerable to Boolean-based Blind SQL injection

The application is secure

None of the above

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You send the payload: ' AND SLEEP(5); -- The response takes 5 seconds to load. What does this confirm?

Boolean-based Blind SQL injection

Error-based SQL injection

Time-based Blind SQL injection

Reflected XSS

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What type of Blind SQL injection is being tested when no error is returned, but delays occur?

Boolean-based

Time-based

In-band

Error-based

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

Kuis Kontrol Panel Hosting

Quiz

•

12th Grade

55 questions

Computer and Software Knowledge Quiz

Quiz

•

9th - 12th Grade

50 questions

SOAL UAS ASJ XII TKJ 1 dan 2

Quiz

•

12th Grade

50 questions

Soal Teori Kejuruan

Quiz

•

12th Grade

49 questions

Gr12 CATN - Term 1 Part 1

Quiz

•

12th Grade

50 questions

Cisco D1:L4/5 Networking

Quiz

•

12th Grade

55 questions

B.4 CompTIA ITF + Certification Exam (2nd Quizziz game)

Quiz

•

9th - 12th Grade

52 questions

What Is IT Fundamentals

Quiz

•

12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

KG

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

20 questions

-AR -ER -IR present tense

Quiz

•

10th - 12th Grade

22 questions

El Imperfecto

Quiz

•

9th - 12th Grade

20 questions

SSS/SAS

Quiz

•

9th - 12th Grade

20 questions

verbos reflexivos en español

Quiz

•

9th - 12th Grade

14 questions

Making Inferences From Samples

Quiz

•

7th - 12th Grade

23 questions

CCG - CH8 Polygon angles and area Review

Quiz

•

9th - 12th Grade

8 questions

Momentum and Collisions

Lesson

•

9th - 12th Grade

28 questions

Ser vs estar

Quiz

•

9th - 12th Grade

WAPT 2 - Up to API

Which of the following SQL injection types uses the same communication channel to retrieve data?

Which payload will exploit an In-band SQL injection in a login form?

You intercept the following query: SELECT * FROM users WHERE username = '$user' AND password = '$pass'; What payload can you use to bypass authentication using In-band SQL injection?

Which technique can be used to test for Blind SQL injection?

If the payload 1 AND 1=1 returns a result while 1 AND 1=2 does not, what does it indicate?

You send the payload: ' AND SLEEP(5); -- The response takes 5 seconds to load. What does this confirm?

What type of Blind SQL injection is being tested when no error is returned, but delays occur?

Which payload is used for Time-based Blind SQL injection?

Test a login form for Time-based Blind SQL injection. Which payload should you use?

What does SQL Injection to RCE rely on?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers