SQL injection attacks exploit vulnerabilities in web applications by inserting malicious SQL code into input fields, such as a search box. This can cause the server to execute unintended commands, often revealing restricted information.
* Man-in-the-Middle (Option A):This intercepts communication but does not involve code injection.
* Denial of Service (DoS) (Option B):This aims to disrupt service, not extract information.
* Cross-Site Scripting (Option D):Involves injecting malicious scripts to execute in a user's browser but does not extract server-side data.
Reference:ISACA CISA Review Manual, Job Practice Area 4: Protection of Information Assets.