What will the SQL statement accomplish?

Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'

What will the SQL statement accomplish?

A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin

B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

C. This Select SQL statement will log James in if there are any users with NULL passwords

D. James will be able to see if there are any default user accounts in the SQL database

Explanation:

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'
This command will display a table that includes two columns: users and their passwords.
username=admin --> display only admins
Example:



Leave a Reply 10

cristina

Isn’t B the correct answer here?

Buz

Yes for me B is the right answer. I think the “?” should not be there.

synack72

A is not wrong but B is the best matching answer. So B is the right answer in my opinion

Eddie Guerrero

I’ll tell you 1 thing, that explanation screenshot is WRONG! If the logic in the question is the password is empty, there is a password in the screenshot, and if the logic is to pull up the name ‘admin’, then why is the other account showing? That query in the screenshot only lists all records from mysql.users table.
I think A and B are correct but B is more descriptive.

Samuel Schneider

A is the correct answer given the statement that “James types in the following statement in the username field:” However, I will concede that the SQL query is correct and at best the question is tricky. Given the context (Security) and the above statement, A is the correct answer. If it stated that James types in the following statement in the SQL query tool: then B would be correct.

Me

Actually tested this on my server… B is the “most correct” answer.

Roy

Nope, B is the best answer
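
The discussion above turns on whether the statement is executed as a query or only typed into a login form's username field. The following is an added example, not code from the original page or its commenters: it uses Python's sqlite3 to show both cases. The statement is taken with straight quotes and without the "?", and the table rows and the two login functions are assumptions constructed for illustration.

```python
import sqlite3

# Statement from the question, with straight quotes and without the "?"
# (an assumption about the intended text).
STATEMENT = ("SELECT * FROM Users WHERE username='admin' "
             "AND password='' AND email LIKE '%@testers.com%'")

def build_db():
    """In-memory Users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT, password TEXT, email TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?, ?)", [
        ("admin", "", "admin@testers.com"),              # meets all three conditions
        ("admin", "", "admin@testers.com.example.net"),  # trailing % also matches this
        ("admin", "s3cret", "root@testers.com"),         # password is not blank
        ("admin", None, "ops@testers.com"),              # NULL is not equal to ''
        ("admin", "", "admin@example.org"),              # different mail domain
        ("guest", "", "guest@testers.com"),              # username is not admin
    ])
    return db

def run_as_query(db):
    """Case 1: the statement executed directly, as in a SQL query tool."""
    return db.execute(STATEMENT).fetchall()

def login_parameterized(db, username, password):
    """Case 2, hardened login: form input is bound as data, never parsed as SQL."""
    return db.execute(
        "SELECT username FROM Users WHERE username = ? AND password = ?",
        (username, password)).fetchall()

def login_concatenated(db, username, password):
    """Case 2, vulnerable login: form input is spliced into the SQL text."""
    sql = ("SELECT username FROM Users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:  # the quotes in the input end the literal early
        return "SQL error: " + str(exc)

if __name__ == "__main__":
    db = build_db()
    print("as a query:      ", run_as_query(db))
    print("parameterized:   ", login_parameterized(db, STATEMENT, ""))
    print("concatenated:    ", login_concatenated(db, STATEMENT, ""))
```

With bound parameters the whole statement is just a username that matches no row; with concatenation the embedded quotes break the query, and the resulting SQL error is the sign that the form parses input as SQL.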