Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which regular expression is used by attackers to enhance SQL injection attacks?

  1. /((\%27)|(\'))union/ix

  2. /(\bSELECT\b)/ix

  3. /^\W*$/

  4. /\bDROP\b/i

The correct answer is: /((\%27)|(\'))union/ix

The regular expression the question associates with enhancing SQL injection attacks is the one that includes the `union` SQL command. The chosen expression, which incorporates variations of the single quote (either URL-encoded `%27` or a standard single quote `'`), is specifically designed to identify SQL commands that exploit vulnerabilities in database queries. By employing the `union` statement, attackers can combine the results of two or more SELECT statements, potentially allowing them to retrieve sensitive information from different tables within the database.

The `ix` flags at the end of the expression indicate that the match is case-insensitive and ignores whitespace, which can help ensure that the injection is not disrupted by variations in case or extra spaces. This specific combination of characters and commands makes the expression particularly effective in SQL injection contexts, as it opens up possibilities for data retrieval when the underlying application code fails to properly sanitize user inputs before constructing SQL statements.

In contrast, expressions that only match specific SQL commands like `SELECT` or `DROP` do not offer the same versatility in terms of extracting data through union operations, while the expression matching only non-word characters does not pertain directly to SQL injection tactics. The focus on the union functionality in the correct answer