Exam 312-50v12 topic 1 question 38 discussion

Well I confirm that it is the D, with the following The query is select * from Users where UserName = 'varName' and UserPassword = 'varPassword'. So if we change by the credentials that say would be the following result: select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456' An important consideration is that it is not asking for any correction of the command or if the command itself is correct, it is asking to be executed on the server.

Answer A. Look at the single quote.

CEH BOOK V12 P.2205

GPT 4.0 what you think in that way ? : Apologies for the confusion. In line with the credentials provided and typical SQL injection techniques, the correct SQL command that would be executed by the server, if there is indeed an SQL injection vulnerability, would indeed be: A. select * from Users where UserName = 'attack' or '1'='1' -- and UserPassword = '123456' In this scenario, the injection point is within the UserName parameter, and the rest of the SQL statement is commented out using the double dashes (--). This would cause the where condition to always be true, potentially allowing an attacker to bypass authentication mechanisms.

D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’. The point of the question is not whether the select statement will provide anything useful, but to show that you understand how the strings/parameters are passed from the login/password form to the SQL query. This was a question for me when I took the exam on 13 Dec 2023.

D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’ pay attention: --’

Understanding an SQL Injection Query Attacker Launching SQL Injection SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield' SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield' CEH V12 Page 2204

https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF

D is the Correct

D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456' Option D is incorrect because the SQL injection payload is placed after the closing single quote for 'UserPassword', which would likely result in a syntax error. Option A is incorrect because the payload is missing the closing single quote after 'attack', which would likely result in a syntax error.

A is the correct answer look closely, the username = attack' so the actual query will have 'attack' '....the additional hyphen is for the username then 2 hyphen for the query.

CEH BOOK V12 : P2204 SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield' ' ' --' ' '

D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

The correct option is D.

The correct option is D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’ CEH BOOK V12 : P2204 SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield' SQL Query Executed : SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 Code after -- are now comments : --' AND Password='Springfield'