Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Posted by: Pdfprep Category: 312-50v11

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 --

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A. select * from Users where UserName ='attack or 1=1 -and UserPassword = '123456"
B. select * from users where UserName = 'attack' or 1=1 --'and UserPassword = '123456'
C. select * from Users where UserName ='attack" or 1=1 -and UserPassword = '123456'
D. select * from users where UserName='attack'or 1=1 -- and UserPassword ='123456'

Answer: D
