A penetration tester suspects that a web application's user profile page is vulnerable to SQL injection, as it uses the userID parameter in SQL queries without proper sanitization. Which technique should the tester use to confirm the vulnerability?
A. Use the userID parameter to perform a brute-force attack on the admin login page
B. Modify the userID parameter in the URL to ' OR '1'='1 and check if it returns multiple profiles
C. Inject HTML code into the userID parameter to test for Cross-Site Scripting (XSS)
D. Attempt a directory traversal attack using the userID parameter
CEH describes SQL injection testing as a core part of web application assessment. One of the first and safest validation techniques is a tautology-based SQL injection payload such as ' OR '1'='1. If the application concatenates user input directly into its SQL query, this input turns the WHERE clause into a condition that is always true, so the query often returns additional records, such as multiple user profiles instead of one. That confirms the presence of SQL injection without destructive effects like dropping tables. Injecting HTML to test for XSS does not validate SQL injection, brute-forcing credentials is unrelated, and directory traversal targets file path manipulation rather than backend queries. CEH emphasizes avoiding destructive queries and starting with non-intrusive injection payloads that reveal improper input sanitization, making ' OR '1'='1 the correct technique for confirming SQL injection in URL parameters.
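To show why the tautology payload returns multiple profiles, and how a parameterized query removes the defect, here is an added example (not code from the question or from CEH) using an in-memory SQLite table with constructed sample rows; the profiles schema and the helper names are assumptions.

```python
import sqlite3

# Constructed sample data (assumption): a tiny profiles table.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (id INTEGER, username TEXT)")
    conn.executemany("INSERT INTO profiles VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    # The defect the question describes: the parameter is concatenated
    # into the SQL text, so quotes in the input change the query's logic.
    sql = "SELECT id, username FROM profiles WHERE id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    # The fix: a bound parameter is passed to the driver as data and is
    # never parsed as SQL, whatever characters it contains.
    sql = "SELECT id, username FROM profiles WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def looks_injectable(rows):
    # A profile lookup by a single id should return at most one row;
    # more than one is the "multiple profiles" signal from the question.
    return len(rows) > 1


def demo(user_id):
    conn = make_db()
    vulnerable = lookup_vulnerable(conn, user_id)
    safe = lookup_parameterized(conn, user_id)
    return {
        "vulnerable": vulnerable,
        "safe": safe,
        "vulnerable_flagged": looks_injectable(vulnerable),
        "safe_flagged": looks_injectable(safe),
    }


if __name__ == "__main__":
    print(demo("2"))
    print(demo("' OR '1'='1"))
```

With the tautology input, the concatenated query becomes `WHERE id = '' OR '1'='1'` and returns all three rows, while the parameterized version returns none because the whole string is compared as a value.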