EC-Council
312-92 Question #39: Real Exam Question with Answer & Explanation
The correct answer is D. SQL injection.
Question
What vulnerability is the following code susceptible to?

```sql
CREATE OR REPLACE PROCEDURE demo (name in VARCHAR2) as
  cursor_name INTEGER;
  rows_processed INTEGER;
  sql VARCHAR2(150);
  code VARCHAR2(2);
BEGIN
  ...
  sql := 'SELECT postal_code FROM states WHERE state_name = ''' || name || '''';
  cursor_name := dbms_sql.open_cursor;
  DBMS_SQL.PARSE(cursor_name, sql, DBMS_SQL.NATIVE);
  DBMS_SQL.DEFINE_COLUMN(cursor_name, 1, code, 10);
  rows_processed := DBMS_SQL.EXECUTE(cursor_name);
  DBMS_SQL.CLOSE_CURSOR(cursor_name);
```
Options
- A. SQL string manipulation
- B. DBMS_Open string attacks
- C. Oracle injection
- D. SQL injection