QUESTION 5
Consider the following query an application performs when a user changes her password:
UPDATE users SET password=newsecret WHERE user=marcus and password = secret
If the attacker enters username as admin--, new password as foo, and existing password as blank,
what will happen?
| a. | The application will return an error message because the existing password is not entered |
| b. | The attacker can bypass the password check |
| c. | The attacker will set only the admin user's password to foo |
| d. | The attacker will set every user's password to foo |
QUESTION 6
Consider the following query an application performs when a user changes her password:
UPDATE users SET password=newsecret WHERE user=marcus and password = secret
If the attacker enters username as admin or 1=1--, new password as foo, and existing password as blank, what will happen?
| a. | The application will return an error message because the existing password is not entered |
| b. | The attacker can bypass the password check |
| c. | The attacker will set only the admin user's password to foo |
| d. | The attacker will set every user's password to foo |
QUESTION 7
Which of the following is (are) true?
| Escaping single quotation marks is always effective in preventing SQL injection |
| A stored procedure is always effective in preventing SQL injection |
| A poorly written stored procedure can contain SQL injection vulnerabilities within its own code |
| Parameterized queries should be used for every database query to prevent SQL injection |
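The password-change statement from Questions 5 and 6, built by string concatenation and then with bound parameters, as an added example that is not part of the original quiz. It uses Python's sqlite3 with a constructed three-row users table and assumes the column values are single-quoted strings, so the quiz inputs are written with the closing quote (`admin'--`); the function names are hypothetical.

```python
import sqlite3

# Constructed sample data; not from the quiz page.
SAMPLE_USERS = [("admin", "adminpw"), ("marcus", "secret"), ("alice", "alicepw")]

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db

def change_password_concat(db, user, old, new):
    # Vulnerable form: user input becomes part of the SQL text, so a quote
    # ends the string literal and "--" comments out the password check.
    sql = ("UPDATE users SET password='" + new + "' WHERE user='" + user
           + "' AND password='" + old + "'")
    return db.execute(sql).rowcount

def change_password_bound(db, user, old, new):
    # Parameterized form: the statement text is fixed and every input is
    # bound as a value, so quotes and "--" are only characters in a name.
    sql = "UPDATE users SET password=? WHERE user=? AND password=?"
    return db.execute(sql, (new, user, old)).rowcount

def run(change, user, old, new):
    """Apply one password change to a fresh table; return (rows changed, table)."""
    db = fresh_db()
    changed = change(db, user, old, new)
    return changed, dict(db.execute("SELECT user, password FROM users"))

if __name__ == "__main__":
    for name in ("admin'--", "admin' or 1=1--"):
        for change in (change_password_concat, change_password_bound):
            changed, table = run(change, name, "", "foo")
            print(f"{change.__name__:24} user={name!r:20} changed={changed} {table}")
```

A row count of zero from the parameterized form for both inputs, against a nonzero count from the concatenated form, is the check to reproduce when reviewing a password-change handler.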
