What is the problem with this ASP script (login.asp)?
<%
Set objConn = CreateObject(“ADODB.Connection”)
objConn.Open Application(“WebUsersConnection”)
sSQL=”SELECT * FROM Users where Username='” & Request(“user”) & _ “‘ and Password='” & Request(“pwd”) & “‘”
Set RS = objConn.Execute(sSQL)
If RS.EOF then
Response.Redirect(“login.asp?msg=Invalid Login”)
Else
Session.Authorized = True
Set RS = nothing
Set objConn = nothing
Response.Redirect(“mainpage.asp”)
End If
%>
A.
The ASP script is vulnerable to Cross Site Scripting attack
B.
The ASP script is vulnerable to XSS attack
C.
The ASP script is vulnerable to SQL Injection attack
D.
The ASP script is vulnerable to Session Splice attack
C.
The ASP script is vulnerable to SQL Injection attack
I choose