
GCIH Exam - Question 82


An attacker is launching an attack against an input field in a form that is used to retrieve restricted information, which is filtered depending on the privileges of the logged-in user. This attacker inserts "' or 1=1;--" into this field. What is most likely the attacker's desired result from this insertion?

Correct Answer: BD

The attack described is SQL injection, where the attacker supplies a string designed to alter the SQL query that gets executed. The string "' or 1=1;--" makes the query's condition always evaluate to true (because 1=1 is always true). This can lead to the SQL server returning all of the information in the selected fields, since the condition that filters the data by user privileges is bypassed. Therefore, the most likely desired result is to force a TRUE condition and retrieve all information in the selected fields.
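
The effect described in this explanation, as an added example that is not part of the original page: the same lookup written with string concatenation and with bound parameters, run against a constructed in-memory SQLite table. The `records` table, its columns and the function names are hypothetical.

```python
import sqlite3

PAYLOAD = "' or 1=1;--"  # the string quoted in the question


def make_db():
    # Constructed sample data; the `records` table and its columns are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (owner TEXT, detail TEXT)")
    db.executemany(
        "INSERT INTO records VALUES (?, ?)",
        [("alice", "alice-note"), ("bob", "bob-note"), ("carol", "carol-note")],
    )
    return db


def build_concatenated(owner, search):
    # Weak pattern: the form field is pasted into the SQL text, so a quote in
    # the input closes the string literal and the rest is parsed as SQL.
    return ("SELECT detail FROM records WHERE detail = '" + search
            + "' AND owner = '" + owner + "'")


def lookup_concatenated(db, owner, search):
    return [row[0] for row in db.execute(build_concatenated(owner, search))]


def lookup_parameterized(db, owner, search):
    # Corrected pattern: placeholders keep the input as data, never as SQL,
    # so the per-user filter on `owner` is always applied.
    sql = "SELECT detail FROM records WHERE detail = ? AND owner = ?"
    return [row[0] for row in db.execute(sql, (search, owner))]


if __name__ == "__main__":
    db = make_db()
    # "or 1=1" makes the condition true for every row; "--" comments out
    # the trailing owner filter.
    print(build_concatenated("alice", PAYLOAD))
    print("concatenated :", lookup_concatenated(db, "alice", PAYLOAD))
    print("parameterized:", lookup_parameterized(db, "alice", PAYLOAD))
```
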

Discussion

Raj8933 - Option: B
Oct 8, 2023

Answer should be B

847ch0n3 - Option: B
Mar 3, 2024

It is B, true condition