PrepAway - Latest Free Exam Questions & Answers

What is the problem with this ASP script (login.asp)?

What is the problem with this ASP script (login.asp)?

<%

Set objConn = CreateObject(“ADODB.Connection”)

objConn.Open Application(“WebUsersConnection”)

sSQL=”SELECT * FROM Users where Username=? & Request(“user”) & _

“?and Password=? & Request(“pwd”) & “?

Set RS = objConn.Execute(sSQL)

If RS.EOF then

Response.Redirect(“login.asp?msg=Invalid Login”)

Else

Session.Authorized = True

Set RS = nothing

Set objConn = nothing Response.Redirect(“mainpage.asp”)

End If

%>

PrepAway - Latest Free Exam Questions & Answers

A.
The ASP script is vulnerable to XSS attack

B.
The ASP script is vulnerable to SQL Injection attack

C.
The ASP script is vulnerable to Session Splice attack

D.
The ASP script is vulnerable to Cross Site Scripting attack


Leave a Reply