The following script shows a simple SQL injection.
The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:
The user is prompted to enter the name of a city on a Web form.
If she enters Chicago, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = ‘Chicago’
How will you delete the OrdersTable from the database using SQL Injection?
A . Chicago’; drop table OrdersTable -
B . Delete table’blah’; OrdersTable -
C . EXEC; SELECT * OrdersTable > DROP -
D . cmdshell’; ‘del c:sqlmydbOrdersTable’ //
Answer: A
Latest CEH-001 Dumps Valid Version with 878 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund