What is the problem with this ASP script (login.asp)?

What is the problem with this ASP script (login.asp)?
<%
Set objConn = CreateObject(“ADODB.Connection”)
objConn.Open Application(“WebUsersConnection”)
sSQL=”SELECT * FROM Users where Username='” & Request(“user”) & _ “‘ and Password='” & Request(“pwd”) & “‘”
Set RS = objConn.Execute(sSQL)
If RS.EOF then
Response.Redirect(“login.asp?msg=Invalid Login”)
Else
Session.Authorized = True
Set RS = nothing
Set objConn = nothing
Response.Redirect(“mainpage.asp”)
End If
%>

<%

Set objConn = CreateObject(“ADODB.Connection”)
objConn.Open Application(“WebUsersConnection”)

sSQL=”SELECT * FROM Users where Username='” & Request(“user”) & _ “‘ and Password='” & Request(“pwd”) & “‘”

Set RS = objConn.Execute(sSQL)

If RS.EOF then
Response.Redirect(“login.asp?msg=Invalid Login”)
Else
Session.Authorized = True
Set RS = nothing
Set objConn = nothing
Response.Redirect(“mainpage.asp”)
End If

%>

A.
The ASP script is vulnerable to Cross Site Scripting attack

B.
The ASP script is vulnerable to XSS attack

C.
The ASP script is vulnerable to SQL Injection attack

D.
The ASP script is vulnerable to Session Splice attack

Show Hint

← Previous question

Next question →