Exam4Training

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images

Answer: A

Explanation:

SQL injection usually occurs when you ask a user for input, such as a username or user ID, and the user instead gives ("injects") you an SQL statement that you will unknowingly run on your database. The following example creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):

txtUserId = getRequestString("UserId");

txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

If the user enters something like "100 OR 1=1", then the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 100 OR 1=1;

The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE.

A hacker might get access to all the user names and passwords in this database.
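The concatenated query from the explanation next to two corrected forms, as an added example that is not part of the original page. It assumes Python's sqlite3 module and an in-memory Users table with constructed rows; the function names and the PasswordHash column are hypothetical.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory Users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, PasswordHash TEXT)"
    )
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(100, "alice", "hash-a"), (101, "bob", "hash-b"), (102, "carol", "hash-c")],
    )
    return conn


def lookup_concatenated(conn, txt_user_id):
    # Same pattern as txtSQL in the explanation: the input becomes part of the SQL text.
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def lookup_bound(conn, txt_user_id):
    # The input is bound as a value, so "OR 1=1" is compared as data, never parsed as SQL.
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)
    ).fetchall()


def lookup_validated(conn, txt_user_id):
    # Input validation first (the flaw named in answer A), then a bound integer.
    if not re.fullmatch(r"[0-9]{1,9}", txt_user_id):
        raise ValueError("UserId must be a short decimal number")
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (int(txt_user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    user_input = "100 OR 1=1"  # the input quoted in the explanation
    print("concatenated:", len(lookup_concatenated(db, user_input)), "rows")
    print("bound:       ", len(lookup_bound(db, user_input)), "rows")
    try:
        lookup_validated(db, user_input)
    except ValueError as exc:
        print("validated:    rejected:", exc)
```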
