GCIH · Question #782
A web application receives the following input from a malicious request. What is the attacker attempting to do? select accountbalance from user where name = jake' OR 'z'='z';
The correct answer is C. Obtain database records for every application user. This is a classic SQL injection attack using an always-true condition to bypass authentication and return all rows from a table.
Question
A web application receives the following input from a malicious request. What is the attacker attempting to do? select accountbalance from user where name = jake' OR 'z'='z';
Options
- ADownload database records for a specific application user
- BCombine two input requests into a single query
- CObtain database records for every application user
- DAdd a new user account to the application database
How the community answered
(31 responses)- A3% (1)
- B10% (3)
- C71% (22)
- D16% (5)
Why each option
This is a classic SQL injection attack using an always-true condition to bypass authentication and return all rows from a table.
The injection breaks the intended filter on 'jake' with the OR condition, so the query returns all users, not a specific one.
This is a single manipulated SELECT query, not two separate requests being combined.
The injected condition OR 'z'='z' is always true, causing the WHERE clause to evaluate as true for every row in the user table. This forces the database to return account balances for all users rather than filtering by a specific name, effectively dumping the entire result set.
There is no INSERT or CREATE statement present; the query only performs a SELECT to read existing data.
Concept tested: SQL injection always-true bypass technique
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.