SQL injection vulnerabilities allow attackers to manipulate database queries, potentially accessing unauthorized data, including file contents, if the database supports such operations. In MySQL, the LOAD_FILE() function is specifically designed to read the contents of a file on the server where the database is hosted, provided the file exists, the database user has appropriate privileges (e.g., FILE privilege), and the file is readable. For example, SELECT LOAD_FILE('/etc/passwd') could extract the contents of the /etc/passwd file if exploitable.
Option A ("READ_FILE()"): This is not a valid MySQL function.
Option B ("LOAD_FILE()"): This is the correct function for reading file contents in MySQL, making it the right choice for exploitation.
Option C ("FETCH_FILE()"): This is not a recognized MySQL function.
Option D ("GET_FILE()"): This is also not a valid MySQL function.
The correct answer is B, aligning with the CAP syllabus under "SQL Injection" and "Database Security."
References: SecOps Group CAP Documents - "Injection Vulnerabilities," "MySQL Security Features," and "OWASP Top 10 (A03:2021 - Injection)" sections.
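The preconditions described above (FILE privilege, readable file) can be audited and removed on the server side. The following is an added example, not part of the original explanation; the account 'app_user'@'localhost' is a hypothetical placeholder for the application's database account.

```sql
-- Added example: audit the conditions LOAD_FILE() depends on.
-- 'app_user'@'localhost' is a hypothetical application account.

-- 1. List every account that holds the global FILE privilege.
--    LOAD_FILE() returns NULL for accounts without it.
SELECT GRANTEE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'FILE';

-- 2. Check the directory restriction applied to LOAD_FILE(),
--    LOAD DATA and SELECT ... INTO OUTFILE.
--      ''          : no restriction (weak setting)
--      '/some/dir' : only files under that directory are allowed
--      NULL        : file import/export is disabled
SELECT @@GLOBAL.secure_file_priv AS secure_file_priv;

-- 3. Remove the privilege from the application account, which
--    normally has no need to read files from the server.
REVOKE FILE ON *.* FROM 'app_user'@'localhost';

-- 4. Confirm that FILE no longer appears in the account's grants.
SHOW GRANTS FOR 'app_user'@'localhost';
```

secure_file_priv is read-only at runtime, so changing it means setting it in the server option file and restarting mysqld.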