Examice

Exam 1z0-908 All QuestionsBrowse all questions from this exam

Go to Exam

Question 53

Which two queries are examples of successful SQL injection attacks? (Choose two.)

SELECT user,passwd FROM members -

WHERE user = ‘?’;INSERT INTO members(‘user’,’passwd’) VALUES (‘[email protected]’,‘secret’);--‘;

SELECT id, name FROM user WHERE user.id=(SELECT members.id FROM members);

SELECT id, name FROM user WHERE id=23 OR id=32 OR 1=1;

SELECT id, name FROM user WHERE id=23 OR id=32 AND 1=1;

SELECT email,passwd FROM members

WHERE email = ‘INSERT INTO members(‘email’,’passwd’) VALUES (‘[email protected]’, ‘secret’);--‘;

SELECT user, phone FROM customers WHERE name = ‘\; DROP TABLE users; --‘;

Correct Answer: A, C

The correct examples of successful SQL injection attacks are those that manipulate the SQL query to return unintended results or perform unauthorized operations. In the first option (A), the query includes an attempt to insert a new record into the members table, which is an example of SQL injection writing to the database. In the third option (C), the query uses a '1=1' condition which always evaluates to true, potentially returning all records from the user table. Both of these options illustrate successful SQL injection attacks.

Discussion

LrnsTghOptions: AE

F only possible if session has all privileges;

xjllllOptions: AC

A and C

marklvOptions: EF

E and F, the other two don't write to the database. A might be valid. Injection is a query inside another query.