Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform
contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s
external websites. Jeremy comes upon a login page which appears to allow employees access to
sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username=’admin’ ?AND password=” AND email like
‘%@testers.com%’
What will the SQL statement accomplish?
A.
If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
B.
This statement will look for users with the name of admin, blank passwords, and email
addresses that end in @testers.com
C.
This Select SQL statement will log James in if there are any users with NULL passwords
D.
James will be able to see if there are any default user accounts in the SQL database
Explanation:
This query will search for admin user with blank password with mail address @testers.com