Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on
Posted: Thu Apr 06, 2023 1:18 pm
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'
B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
C. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
D. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'