What type of attack specifically targets data stored in databases through unsanitized inputs?

A SQL Injection Attack specifically targets data stored in databases by exploiting vulnerabilities in web applications. This type of attack occurs when an attacker is able to insert or execute malicious SQL code through unsanitized user input. When a web application fails to properly validate or sanitize the input, an attacker can manipulate the input to construct malicious SQL queries. These queries can allow the attacker to view, modify, or delete data within the database, bypass authentication mechanisms, or even execute administrative operations.

In contrast, other types of attacks mentioned are not focused on database vulnerabilities. For instance, an XSS Attack (Cross-Site Scripting) involves injecting malicious scripts into web pages viewed by users to execute the scripts in their browsers, often aimed at stealing session cookies or redirecting users. A CSRF Attack (Cross-Site Request Forgery) tricks a user into submitting requests without their consent, affecting the user’s authenticated session but not directly manipulating database inputs. Phishing Attacks rely on social engineering techniques, where users are deceived into providing sensitive information, but do not involve input manipulation on the database level. Thus, the nature of SQL Injection clearly distinguishes it as the correct answer in the context of targeting database data through unsanitized inputs.