Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A . user input validation in a web page or web application
B . Linux and Windows operating systems
C . database
D . web page images

View Answer

Answer: A

Explanation:

SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives (“injects”) you an SQL statement that you will unknowingly run on your database.

For example:

Look at the following example, which creates a SELECT statement by adding a variable (txtUserId) to a select string.

The variable is fetched from user input (getRequestString):

txtUserId = getRequestString(“UserId”);

txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;

If user enter something like this: “100 OR 1=1” then the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 100 OR 1=1;

The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE. A

hacker might get access to all the user names and passwords in this database.