Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

exams

3 years ago

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server.

In the login/password form, you enter the following credentials:

Username: attack’ or 1=1 –

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A . select * from Users where UserName = ‘attack’ ’ or 1=1 — and UserPassword = ‘123456’
B . select * from Users where UserName = ‘attack’ or 1=1 — and UserPassword = ‘123456’
C . select * from Users where UserName = ‘attack or 1=1 — and UserPassword = ‘123456’
D . select * from Users where UserName = ‘attack’ or 1=1 –’ and UserPassword = ‘123456’

Answer: A

Latest 312-50v11 Dumps Valid Version with 432 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 312-50v11 PDF 312-50v11 Questions Online Training