ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 38 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 38
Topic #: 1
[All 312-50v13 Questions]

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

  • A. select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’
  • B. select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’
  • C. select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’
  • D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by tong0819 at Jan. 9, 2025, 1:47 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NikoTomas
2 months ago
Selected Answer: D
Correct is D. In B option, there is missing apostrophe ' after --. This is exacly like example from PortSwigger (link below): Original query: SELECT * FROM products WHERE category = ' ' AND released = 1 ...leads to this when you instert Gifts' OR 1=1-- (note the original apostrophe after the -- in the result): SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1 ...the apostrophe from inserted string Gifts' OR 1=1-- was in the resulting query paired with the leading original apostrophe and originaly enclosing aspostrophe pair still exist after our inserted string - at the and of 'Gifts' OR 1=1--' https://portswigger.net/web-security/sql-injection
upvoted 2 times
...
agastya_5272
2 months, 1 week ago
Selected Answer: B
in the D option there is syntaxt error extra envoted comma.
upvoted 1 times
...
killwitch
2 months, 1 week ago
Selected Answer: B
B. select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’. attack' or 1=1 -- is a classic SQL injection attempt. Let's break it down: attack' - Closes the existing UserName string. or 1=1 - Always evaluates to true, bypassing authentication. -- This is a SQL comment that ignores everything after it (including the password check). Now, inserting this into a vulnerable SQL query: SELECT * FROM Users WHERE UserName = 'attack' or 1=1 --' AND UserPassword = '123456' After the -- comment truncates the rest of the query, it effectively becomes: SELECT * FROM Users WHERE UserName = 'attack' OR 1=1; Since 1=1 is always true, this query returns all users, allowing unauthorized access.
upvoted 1 times
NikoTomas
2 months ago
Actually you described D bud claiming that B is correct. What you describe is D - and D is correct: As you wrote: "Now, inserting this into a vulnerable SQL query:" SELECT * FROM Users WHERE UserName = 'attack' or 1=1 --' AND UserPassword = '123456' The ' after -- comment (--') is missing in B. You put it correctly there and end up with D option. Original statement in SQL is ...WHERE UserName='some-string-as-user-name' - and the closing ' at the end will not disappear as in option B, it will stay there as you correctly derived - it's option D.
upvoted 1 times
...
...
HeyacedoGomez
2 months, 3 weeks ago
Selected Answer: B
Option A: Incorrect due to an extra or misplaced quotation mark (‘attack’ ’). Option B: Correct SQL syntax. The condition OR 1=1 makes the WHERE clause always true, and -- starts a comment, ignoring everything after it. Option C: Incorrect because the string 'attack or 1=1 -- is not properly enclosed in quotes. Option D: Incorrect due to --’, which incorrectly uses both the comment symbol and a quotation mark.
upvoted 2 times
NikoTomas
2 months ago
Correct is D. In B option, there is missing apostrophe ' after --. This is exacly like example from PortSwigger (link below): Original query: SELECT * FROM products WHERE category = ' ' AND released = 1 ...leads to this when you instert Gifts' OR 1=1-- (note the original apostrophe after the -- in the result): SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1 ...the apostrophe from inserted string Gifts' OR 1=1-- was in the resulting query paired with the leading original apostrophe and originaly enclosing aspostrophe pair still exist after our inserted string - at the and of 'Gifts' OR 1=1--' https://portswigger.net/web-security/sql-injection
upvoted 1 times
...
...
SNimlaka
3 months, 2 weeks ago
Selected Answer: B
The answer should be B.
upvoted 3 times
...
cb56e21
3 months, 3 weeks ago
Selected Answer: B
it should be B since we are passing directly the user input
upvoted 1 times
...
MHafizC
3 months, 3 weeks ago
Selected Answer: D
D is the answer. Refer to the book.
upvoted 1 times
...
tong0819
4 months ago
Selected Answer: D
Answer is D.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago