Question

    What is the primary difference between SQL Injection and Command Injection?
    A SQL Injection targets a database, while Command Injection targets the operating system
    B SQL Injection exploits scripts, while Command Injection exploits browsers
    C SQL Injection targets HTTP protocols, while Command Injection targets SMTP protocols
    D SQL Injection disrupts servers, while Command Injection disrupts clients
    E SQL Injection is harmless compared to Command Injection.

    Solution

    Correct answer: A. SQL Injection manipulates the database queries an application builds from untrusted input, compromising the integrity and confidentiality of the stored data (and, where the database account has the privileges, its availability). Command Injection manipulates the operating-system commands an application builds from untrusted input, so the attacker runs arbitrary commands with the privileges of the application process and reaches the host itself. For example:

    • SQL Injection: the input ' OR 1=1 -- turns a clause such as WHERE username = '<input>' into a tautology and comments out whatever follows, so the query returns every row in the table instead of one.
    • Command Injection: the input ; rm -rf / terminates the intended command and runs a destructive one in its place; any shell metacharacter (;, |, &&, backticks) can play the same role.
    1. Impact of SQL Injection: it compromises the database, but by itself it does not give the attacker a shell on the OS; reaching the host requires additional database features (file write, extended procedures) that are only sometimes enabled.
    2. Impact of Command Injection: it gives control of the host with the privileges of the web application process, from which the attacker can read files, pivot to other systems and attempt privilege escalation, so the damage is typically more extensive.
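    The two flaws side by side, as an added example that is not part of the original page: a Python script that builds the same kind of string-concatenated query and command the solution describes, once deliberately vulnerable and once hardened, and shows what the attacker's input does to each. The users table, the "echo Hello <name>" command and the two attacker inputs are constructed for the demonstration; sqlite3 stands in for the database and subprocess for the OS.

```python
import shlex
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory SQLite users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


# --- SQL Injection: the input alters the query sent to the database ---------

def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    # Deliberately vulnerable: the value is spliced into the SQL text, so quote
    # and comment characters in it change the statement's structure.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    # Parameterised query: the value travels separately from the statement and
    # is never parsed as SQL, whatever characters it contains.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# --- Command Injection: the input alters the command handed to the OS -------

def greet_vulnerable(name: str) -> list[str]:
    # Deliberately vulnerable: shell=True passes the whole string to /bin/sh,
    # so a ';' in the input ends our command and starts the attacker's.
    result = subprocess.run(
        "echo Hello " + name, shell=True, capture_output=True, text=True, check=False
    )
    return result.stdout.splitlines()


def greet_safe(name: str) -> list[str]:
    # No shell at all: an argv list, so 'name' arrives as one argument and
    # shell metacharacters in it have no special meaning.
    result = subprocess.run(
        ["echo", "Hello", name], capture_output=True, text=True, check=False
    )
    return result.stdout.splitlines()


def greet_quoted(name: str) -> list[str]:
    # If a shell is unavoidable (pipes, globbing), quote each untrusted value
    # with shlex.quote so the shell treats it as a single literal word.
    result = subprocess.run(
        "echo Hello " + shlex.quote(name), shell=True, capture_output=True, text=True, check=False
    )
    return result.stdout.splitlines()


if __name__ == "__main__":
    db = make_db()
    sqli = "' OR 1=1 --"           # constructed attacker input for the SQL case
    cmdi = "world; echo INJECTED"  # constructed attacker input for the OS case

    print("SQLi, vulnerable:", find_user_vulnerable(db, sqli))  # every user
    print("SQLi, safe:      ", find_user_safe(db, sqli))        # no match
    print("CMDi, vulnerable:", greet_vulnerable(cmdi))          # injected command ran
    print("CMDi, safe:      ", greet_safe(cmdi))                # one inert line
    print("CMDi, quoted:    ", greet_quoted(cmdi))              # one inert line
```

    Run it as a script on a POSIX system: the vulnerable lookup returns all three users for the attacker's input while the parameterised one returns nothing, and the shell=True greeting executes the injected second command while the argv form merely prints it back as text. That contrast is the quiz's point: the same mistake (untrusted input spliced into a string that another interpreter parses) reaches the database in one case and the operating system in the other, and the fix is the same in both: keep data out of the grammar.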
    Why Other Options Are Incorrect:
    • Exploits scripts/browsers (B): neither attack targets the browser; both are server-side flaws in how the application assembles a query or a command from user input.
    • Targets protocols (C): neither attack targets a protocol. The malicious input is usually delivered over HTTP, but the flaw lies in the application's handling of that input, and the same flaws exist in applications fed by any other channel.
    • Disrupts servers/clients (D): both attacks act on the server side; they differ in the component they reach (database vs. OS), not in a server/client split.
    • Harmless comparison (E): SQL Injection is not harmless; depending on the data held and the privileges of the database account it can be just as damaging as Command Injection.
