Exam GCIH
Question 82

An attacker is launching an attack against an input field in a form that is used to retrieve restricted information, which is filtered according to the privileges of the logged-in user. This attacker inserts "' or 1=1;--" into this field. What is most likely the attacker's desired result from this insertion?

    Correct Answer: B

    The attack described is SQL injection: the attacker supplies a string designed to alter the SQL query that the application executes. The string "' or 1=1;--" makes the query's condition always evaluate to true (because 1=1 is always true). As a result, the SQL server can return all of the information in the selected fields, since the condition that filters the data by user privileges is bypassed. Therefore, the most likely desired result is to force a TRUE condition and retrieve all information in the selected fields.
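The effect described above, as an added example that is not part of the original question or answer: the same lookup built by string concatenation and with bound parameters, using Python's sqlite3 module. The `records` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "' or 1=1;--"  # the string quoted in the question


def make_db():
    """Build an in-memory table of constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO records VALUES (?, ?)",
        [
            ("alice", "q1-report"),  # visible to alice
            ("bob", "payroll"),      # restricted to bob
            ("carol", "audit"),      # restricted to carol
        ],
    )
    return db


def lookup_concatenated(db, logged_in_user, title):
    """Vulnerable form: the field value is pasted into the SQL text."""
    sql = (
        "SELECT owner, title FROM records "
        f"WHERE owner = '{logged_in_user}' AND title = '{title}'"
    )
    # With PAYLOAD the statement text becomes:
    #   ... WHERE owner = 'alice' AND title = '' or 1=1;--'
    # AND binds tighter than OR, so the filter is
    # (owner = 'alice' AND title = '') OR TRUE, which matches every row.
    return db.execute(sql).fetchall()


def lookup_parameterized(db, logged_in_user, title):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT owner, title FROM records WHERE owner = ? AND title = ?"
    return db.execute(sql, (logged_in_user, title)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, "alice", PAYLOAD))
    print("parameterized:", lookup_parameterized(db, "alice", PAYLOAD))
```

With the concatenated query the privilege filter on `owner` no longer restricts the result; with bound parameters the same input is compared as a literal title and matches nothing.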

Discussion
847ch0n3 Option: B

It is B, true condition

Raj8933 Option: B

Answer should be B