COMPUTER THREATS SECURITY
TYPES OF NETWORK SECURITY
Question
SQL Injection: SELECT * FROM userdetails WHERE username = “ OR 1”
"SELECT * FROM userdetails WHERE username = '$name'";
Either A or B
None of the above
|
Detailed explanation-1: A hacker executes an SQL injection by supplying an SQL condition that is always true, for instance 1=1. Instead of just entering the "wrong" input, the hacker uses a statement that will always be true. Entering "100 OR 1=1" in the query input box will return a response with the details of a table.
Detailed explanation-2: When adding conditions to a query that already has WHERE 1=1, every condition after it begins with AND, which makes it easier to comment out individual conditions in experimental queries.
Detailed explanation-3: 'OR' means that one of the conditions (WHERE name = 'admin' OR 1=1) must be true, and in this case the query returns every row that has name equal to 'admin' or that has 1 equal to 1. Try using this instead: SELECT password FROM tbl_users WHERE name = 'admin' AND 1=1.
Detailed explanation-4: SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.