{"id":325,"date":"2022-02-25T19:43:39","date_gmt":"2022-02-25T19:37:13","guid":{"rendered":"https:\/\/exampracticetests.com\/eccouncil\/ceh-v11\/certified-ethical-hacker-v11-312-50v11-question184\/"},"modified":"2022-02-25T19:46:26","modified_gmt":"2022-02-25T19:46:26","slug":"certified-ethical-hacker-v11-312-50v11-question184","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/eccouncil\/ceh-v11\/certified-ethical-hacker-v11-312-50v11-question184\/","title":{"rendered":"Certified Ethical Hacker v11 312-50v11 – Question184"},"content":{"rendered":"
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login\/password form, you enter the following credentials:<\/p>\n

\nUsername: attack' or 1=1 –
\nPassword: 123456\n<\/p><\/blockquote>\n

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

A.<\/strong> select * from Users where UserName = `attack' ' or 1=1 — and UserPassword = `123456'
B.<\/strong> select * from Users where UserName = `attack' or 1=1 — and UserPassword = `123456'
C.<\/strong> select * from Users where UserName = `attack or 1=1 — and UserPassword = `123456'
D.<\/strong> select * from Users where UserName = `attack' or 1=1 –' and UserPassword = `123456'<\/div>\n

<\/p>\n