Prepare for the Ethical Hacking Essentials Test. Dive into flashcards and multiple choice questions, with hints and explanations for each one. Ace your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which method of attack typically manipulates an application to execute unauthorized commands?

  1. Heap overflow

  2. Buffer overflow

  3. Code injection

  4. Session hijacking

The correct answer is: Code injection

Code injection is a technique in which an attacker inserts malicious code into an application, allowing them to execute unauthorized commands. It typically takes advantage of weaknesses in the application's input validation: when an application does not properly sanitize user input, it becomes susceptible to this type of attack, and the attacker can control how the application behaves.

Code injection can occur in various contexts, such as SQL injection against databases, where an attacker inserts SQL commands through a web form to manipulate the database. This can lead to unauthorized data access, modification, or even complete system compromise.

Heap overflow and buffer overflow are also vulnerabilities that could lead to similar issues, but they primarily exploit memory management flaws rather than directly manipulating the application's command execution. Session hijacking, on the other hand, focuses on taking control of a user's session rather than injecting code into the application itself. Code injection is the option that directly alters the commands the application executes.