🔥 3-day streak
CompTIA PenTest+ (PT0-003)120 / 175
Question 120 of 175

During a web application assessment, you confirm a SQL injection vulnerability in a Microsoft SQL Server backend. However, the application returns no error messages, no visible query output, and no measurable time delays when you inject boolean or time-based payloads. Outbound TCP to the internet is blocked, but the database server is permitted to make outbound DNS queries. Which technique is most appropriate to extract data from this database?

Reviewed for accuracy · Report an issueNext question