LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is an in-band SQL injection attack?

The stolen data comes straight back in the same response the attacker is already looking at.

In-band injection returns results directly through the same channel used for the attack — the simplest and most common case.

Example: Attacker sends:

' UNION SELECT username, password FROM users--

The query becomes:

SELECT name, description FROM products
WHERE category = 'Gifts' UNION SELECT username, password FROM users--

Results (usernames and passwords) are returned directly in the product listing response.

Go deeper:

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jul 05, 2026