Which of the following URLs can he use to accomplish this attack?

Posted by: Pdfprep Category: PT0-001 Tags: , , Post Date: November 13, 2020

Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own.

Which of the following URLs can he use to accomplish this attack?
A . https://testbank.com/BankingApp/AC
B . aspx?CustID=435345&accountType=F&action­ACHTransfer&senderID=654846&notify=False&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’&amount=200
C . https://testbank.com/BankingApp/AC
D . aspx?CustID=435345&accountType=F&action­ACHTransfer&senderID=654846&notify=False&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200
E . https://testbank.com/BankingApp/AC
F . aspx?CustID=435345&accountType=F&action­ACHTransfer&senderID=654846&notify=True&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200
G . https://testbank.com/BankingApp/AC
H . aspx?CustID=435345&accountType=F&action­ACHTransfer&senderID=654846&notify=True&creditaccount=’AND 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200

Answer: B

Author

Leave a Reply

Your email address will not be published.