ECCouncil Ethical Hacking and Countermeasures V8 EC0-350 Question # 25 Topic 3 Discussion

ECCouncil Ethical Hacking and Countermeasures V8 EC0-350 Question # 25 Topic 3 Discussion

EC0-350 Exam Topic 3 Question 25 Discussion:
Question #: 25
Topic #: 3

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

EC0-350 Question 25

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

How will you delete the OrdersTable from the database using SQL Injection?


A.

Chicago'; drop table OrdersTable --


B.

Delete table'blah'; OrdersTable --


C.

EXEC; SELECT * OrdersTable > DROP --


D.

cmdshell'; 'del c:\sql\mydb\OrdersTable' //


Get Premium EC0-350 Questions

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.