A penetration tester is testing a web application's product search feature, which takes user input and queries the database. The tester suspects inadequate input sanitization. What is the best approach to confirm the presence of SQL injection?
A.
Inject a script to test for Cross-Site Scripting (XSS)
B.
Input DROP TABLE products; -- to see if the table is deleted
C.
Enter 1' OR '1'='1 to check if all products are returned
D.
Use directory traversal syntax to access restricted files on the server
Tautology-based SQL injection tests, such as using ' OR '1'='1, are safe and effective methods to verify whether SQL queries are being manipulated by user input. CEH emphasizes avoiding destructive queries and using logical expressions that return all rows if injection is successful.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit