What is the problem with this ASP script (login.asp)?

What is the problem with this ASP script (login.asp)?

<%

Set objConn = CreateObject("ADODB.Connection")

objConn.Open Application("WebUsersConnection")

sSQL="SELECT * FROM Users where Username=? & Request("user") & _

"?and Password=? & Request("pwd") & "?

Set RS = objConn.Execute(sSQL)

If RS.EOF then

Response.Redirect("login.asp?msg=Invalid Login")

Else

Session.Authorized = True

Set RS = nothing

Set objConn = nothing Response.Redirect("mainpage.asp")

End If

%>

What is the problem with this ASP script (login.asp)?

<%

Set objConn = CreateObject(“ADODB.Connection”)

objConn.Open Application(“WebUsersConnection”)

sSQL=”SELECT * FROM Users where Username=? & Request(“user”) & _

“?and Password=? & Request(“pwd”) & “?

Set RS = objConn.Execute(sSQL)

If RS.EOF then

Response.Redirect(“login.asp?msg=Invalid Login”)

Else

Session.Authorized = True

Set RS = nothing

Set objConn = nothing Response.Redirect(“mainpage.asp”)

End If

%>

A.
The ASP script is vulnerable to XSS attack

B.
The ASP script is vulnerable to SQL Injection attack

C.
The ASP script is vulnerable to Session Splice attack

D.
The ASP script is vulnerable to Cross Site Scripting attack

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *