Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on

Business, Finance, Economics, Accounting, Operations Management, Computer Science, Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Algebra, Precalculus, Statistics and Probabilty, Advanced Math, Physics, Chemistry, Biology, Nursing, Psychology, Certifications, Tests, Prep, and more.
Post Reply
answerhappygod
Site Admin
Posts: 899559
Joined: Mon Aug 02, 2021 8:13 am

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on

Post by answerhappygod »

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
Suppose That Yo 1
Suppose That Yo 1 (2.51 KiB) Viewed 32 times
A. select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’
B. select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’
C. select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’
D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!
Top

This question has been solved and has 1 reply.

You must be registered to view answers and replies in this topic. Registration is free.


Register Login
 
Post Reply

Return to “Archived Questions & Answers”