Given the database schema below, and a form that asks a user to provide their account number in order to retrieve the account balance through the following query, craft a SQL injection attack that would allow customer John Doe to "steal" $500 from customer Homer Simpson.

SELECT Balance

FROM Accounts

WHERE Account_Num =

 

a) the rationale for why you set it up the way you did

  b) what the expected result(s) will be if the attack was to be carried out.

Transcribed Image Text:

foreign keys Customer Account 123-45-6789 256101 123-45-6789 256202 987-65-4321 256304 Customers SSN Name 123-45-6789 John Doe 987-65-4321 Homer Simpson Address 4400 University Dr, Fairfax, VA 10 First St, Springfield, OH Accounts Account Num Description 256101 Checking Savings Checking 256202 256304 Balance $ 10,000 $ 12,000 $ 10,300 foreign keys Customer Account 123-45-6789 256101 123-45-6789 256202 987-65-4321 256304 Customers SSN Name 123-45-6789 John Doe 987-65-4321 Homer Simpson Address 4400 University Dr, Fairfax, VA 10 First St, Springfield, OH Accounts Account Num Description 256101 Checking Savings Checking 256202 256304 Balance $ 10,000 $ 12,000 $ 10,300

Answer rating: 100% (QA)

a Rationale for Setup The database schema is set up to contain tables for Customers and Accounts The Customers table contains personal information about each customer such as their name address and so... View the full answer