A penetration tester suspects that a web application's product search feature is vulnerable to SQL injection. The tester needs to confirm this by manipulating the SQL query. What is the best technique to test for SQL injection?
A. Inject a malicious script into the search field to test for Cross-Site Scripting (XSS)
B. Use directory traversal syntax in the search field to access server files
C. Input 1 OR 1=1 in the search field to retrieve all products from the database
D. Insert admin' -- in the search field to attempt bypassing authentication
SQL injection testing commonly involves tautology-based payloads such as 1 OR 1=1, which force the query's WHERE clause to evaluate as true for every row. CEH explains that this confirms improper input sanitization and shows whether user-supplied fields directly influence database queries. The query then typically returns all records, indicating successful injection.
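To show why the tautology payload works and how parameterized queries stop it, here is an added Python example (not from the question or from CEH material); the products table, its rows and the two search functions are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory product table with sample rows (not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)"
    )
    conn.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("Widget", 9.99), ("Gadget", 19.99), ("Gizmo", 4.50)],
    )
    return conn


def search_vulnerable(conn, product_id):
    # Vulnerable pattern: the user-supplied value is concatenated into the SQL
    # text. The input "1 OR 1=1" becomes part of the WHERE clause, the OR 1=1
    # tautology is true for every row, and the whole table comes back.
    query = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in conn.execute(query)]


def search_parameterized(conn, product_id):
    # Hardened pattern: the value is bound as a parameter. The driver treats it
    # as a single literal, so "1 OR 1=1" is compared against the id column as
    # data and matches nothing; it is never parsed as SQL.
    query = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in conn.execute(query, (product_id,))]


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:      ", search_vulnerable(db, "2"))
    print("tautology, vuln:    ", search_vulnerable(db, "1 OR 1=1"))
    print("tautology, bound:   ", search_parameterized(db, "1 OR 1=1"))
```

Running it prints a single product for the normal lookup, all three products for the concatenated tautology, and an empty list for the parameterized version, which is the behaviour the explanation above describes.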