ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 184 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 184
Topic #: 1
[All 312-50v11 Questions]

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/ password form, you enter the following credentials:

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

  • A. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'
  • B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
  • C. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
  • D. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by flinux at Sept. 3, 2022, 5:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel8660
Highly Voted 1 year, 2 months ago
Selected Answer: D
Understanding Normal SQL Query # SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield' (P.2022/2006)
upvoted 9 times
...
victorfs
Most Recent 7 months, 2 weeks ago
Selected Answer: D
The correct option is D: select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'
upvoted 1 times
...
VOAKDO
11 months, 2 weeks ago
D select ....from .... where inputfieldusername='whatwehavewritten_username' and inputfieldpassword='whatwehavewritten_password'-----------------> select .. from ... where ifu='attack' or 1=1 --' and ifp='123456'
upvoted 2 times
...
josevirtual
1 year, 1 month ago
Selected Answer: D
the ' symbol is after --, so the correct answer is D
upvoted 2 times
...
kiki533
1 year, 1 month ago
Correct answer is A, check char of username given.
upvoted 1 times
...
C1ph3rSt0rm
1 year, 2 months ago
Selected Answer: A
The correct answer is A. Look at where the ' is in the question and pay attention to the questions. Only one of the options has the ' in a location similar to how the question is set up.
upvoted 3 times
kiki533
1 year, 1 month ago
I agree!
upvoted 1 times
...
AaronS1990
1 year ago
Firstly, you can't take stuff like that at face value. A only says if it states 'attack' Secondly no it isn't. D is literally 'attack' or 1=1 --'. notice the second apostrophe after attack is encompassed by the third after --'
upvoted 3 times
...
...
Shashika90
1 year, 3 months ago
Selected Answer: D
Correct answer is D
upvoted 1 times
...
sn30
1 year, 3 months ago
Selected Answer: D
Correct answer is D
upvoted 1 times
...
napstervk
1 year, 3 months ago
This D
upvoted 1 times
...
Escltn
1 year, 3 months ago
Selected Answer: D
The correct answer is D. When inputting the string the it adds to the query: ... WHERE username 'attack' or 1=1 --' ... Compared to a normal input, where you just enter the phrase 'attack' (without quotes). ... WHERE username = 'attack' ...
upvoted 1 times
Escltn
1 year, 3 months ago
** Correction ... WHERE username = 'attack' or 1=1--' ...
upvoted 1 times
...
...
flinux
1 year, 3 months ago
Selected Answer: D
the correct answer is D
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel