Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database
is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:
Username: attack’ or 1»1 –
Password: 123456
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A . select * from Users where UserName =’attack or 1=1 -and UserPassword = ‘123456"
B . select * from users wherefuserName = ‘attack’ or 1=1 –‘and UserPassword = ‘123456’
C . select * from Users where UserName =’attack" or 1=1 -and UserPassword = ‘123456’
D . select * from users where UserName"’attack’or 1=1 – and UserPassword "’123456′
Answer: D
Latest 312-50v11 Dumps Valid Version with 432 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund