Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field: SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%' What will the SQL statement accomplish?
If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
This Select SQL statement will log James in if there are any users with NULL passwords
James will be able to see if there are any default user accounts in the SQL database
Want to practice for 312-50 - Ethical Hacking and Countermeasures (CEHv6) ?