While performing a code audit, you discover a SQL injection vulnerability. Assuming the following vulnerable query, what user input could be injected to make the query true and return data?

select * from widgets where name = '[user-input]';
To exploit a SQL injection vulnerability in the provided query, the user input needs to alter the logic of the SQL statement so that it always evaluates to true. The input 'or 1=1-- does this effectively. It terminates the string input with a single quote, then adds a logical OR condition that is always true (1=1), and finally comments out the rest of the query using --. This makes the entire WHERE clause trivially true and can result in all data from the widgets table being returned.
C. 'or 1=1--

This input effectively makes the query always true, bypassing the intended check and potentially exposing all data from the widgets table.
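The following is an added example, not part of the original question: it runs the query from the question against an in-memory SQLite database, first built by string concatenation and then as a parameterized query, using the input discussed above. The table contents, the function names and the choice of SQLite are assumptions made for illustration.

```python
import sqlite3

# The input discussed in the explanation above.
PAGE_INPUT = "'or 1=1--"


def make_db():
    """Build a throwaway in-memory widgets table (rows are constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE widgets (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO widgets (name) VALUES (?)",
        [("gear",), ("sprocket",), ("flange",)],
    )
    return conn


def lookup_concatenated(conn, name):
    """Vulnerable form: the input is pasted into the SQL text, so it is parsed as SQL."""
    sql = "select * from widgets where name = '" + name + "';"
    return sql, conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the input is bound as a value and never reaches the SQL parser."""
    sql = "select * from widgets where name = ?;"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    sql, rows = lookup_concatenated(conn, PAGE_INPUT)
    print("concatenated SQL :", sql)
    print("rows returned    :", len(rows))  # every row in the table
    print("parameterized    :", lookup_parameterized(conn, PAGE_INPUT))  # no match
    print("legitimate lookup:", lookup_parameterized(conn, "gear"))
```

With concatenation, the database receives a WHERE clause that compares name to an empty string OR 1=1, followed by a comment. With the bound parameter, the same characters are compared to the name column as an ordinary string and match nothing.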