Posted by: Pdfprep
Post Date: March 5, 2021
The following script shows a simple SQL injection.
The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:
The user is prompted to enter the name of a city on a Web form.
If she enters Chicago, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'
How will you delete the OrdersTable from the database using SQL Injection?
A. Chicago'; drop table OrdersTable -
B. Delete table'blah'; OrdersTable -
C. EXEC; SELECT * OrdersTable > DROP -
D. cmdshell'; 'del c:sqlmydbOrdersTable' //
Answer: A