How will you delete the OrdersTable from the database using SQL Injection?

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

How will you delete the OrdersTable from the database using SQL Injection?

A.
Chicago'; drop table OrdersTable --

B.
Delete table'blah'; OrdersTable --

C.
EXEC; SELECT * OrdersTable > DROP --

D.
cmdshell'; 'del c:\sql\mydb\OrdersTable' //

Explanation:
“Drop Table OrdersTable” deletes the OrdersTable
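
The concatenation pattern described above, beside its parameterized form, as an added example that is not part of the original page. It assumes an in-memory SQLite database standing in for the real one, with constructed rows; `executescript()` stands in for a driver that accepts batched statements, and all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory database standing in for the page's OrdersTable."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE OrdersTable (OrderId INTEGER, ShipCity TEXT)")
    db.executemany("INSERT INTO OrdersTable VALUES (?, ?)",
                   [(1, "Chicago"), (2, "Boston")])
    db.commit()
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type = 'table' AND name = 'OrdersTable'").fetchone()
    return row[0] == 1

def build_concatenated(ship_city):
    """Vulnerable pattern from the page: user input is pasted into the SQL text."""
    return "SELECT * FROM OrdersTable WHERE ShipCity = '" + ship_city + "'"

def run_concatenated(db, ship_city):
    # Assumption: executescript() accepts several ';'-separated statements,
    # standing in for a driver/DBMS that permits batched statements.
    db.executescript(build_concatenated(ship_city))

def run_parameterized(db, ship_city):
    """Hardened form: the SQL text is fixed and the input is bound as data."""
    cur = db.execute("SELECT * FROM OrdersTable WHERE ShipCity = ?", (ship_city,))
    return cur.fetchall()

# Answer A from the page, used as test input.
PAYLOAD = "Chicago'; drop table OrdersTable --"

def demo():
    results = {}
    db = make_db()
    run_concatenated(db, PAYLOAD)       # the quote ends the literal early
    results["concatenated_table_survives"] = table_exists(db)
    db = make_db()
    results["parameterized_rows"] = run_parameterized(db, PAYLOAD)
    results["parameterized_table_survives"] = table_exists(db)
    results["benign_rows"] = run_parameterized(db, "Chicago")
    return results

if __name__ == "__main__":
    print(build_concatenated(PAYLOAD))
    print(demo())
```

With the bound parameter the whole input is compared against ShipCity as one string, so it matches no row and the table is untouched.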


