Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A . user input validation in a web page or web application
B . Linux and Windows operating systems
C . database
D . web page images
Answer: A
Explanation:
SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives (“injects”) you an SQL statement that you will unknowingly run on your database.
For example:
Look at the following example, which creates a SELECT statement by adding a variable (txtUserId) to a select string.
The variable is fetched from user input (getRequestString):
txtUserId = getRequestString(“UserId”);
txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;
If user enter something like this: “100 OR 1=1” then the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 100 OR 1=1;
The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE. A
hacker might get access to all the user names and passwords in this database.
Latest 350-701 Dumps Valid Version with 327 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund