GIAC Exam GPEN Topic 8 Question 58 Discussion

Actual exam question for GIAC's GPEN exam

Question #: 58
Topic #: 8

[All GPEN Questions]

You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:

SELECT email, passwd, login_id, full_name

FROM members

WHERE email = 'attacker@somehwere.com'; DROP TABLE members; --'

What task will the above SQL query perform?

APerforms the XSS attacks.

BDeletes the entire members table.

CDeletes the rows of members table where email id is 'attacker@somehwere.com' given.

DDeletes the database in which members table resides.

Show Suggested Answer

Suggested Answer: A

by Tanesha at Sep 15, 2024, 09:58 PM

Limited Time Offer

25%

Off

Get Premium GPEN Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Isaiah

1 months ago

Ah, the age-old battle of the SQL injection vs. the poor, defenseless database. I can just imagine the database admin now, frantically trying to figure out how to undelete the entire 'members' table. Maybe they should just rename it to the 'ex-members' table and call it a day!

upvoted 0 times

...

Maia

1 months ago

Ah, the old 'drop table' trick! Classic SQL injection move. I bet the folks at Secure Inc. are really keeping their popcorn handy for this one. Option B is the way to go, folks.

upvoted 0 times

Margot

4 days ago

I've seen some real chaos caused by SQL injections. It's crucial to stay vigilant and protect against these types of attacks.

upvoted 0 times

...

Gilbert

7 days ago

Yep, option B is the correct answer, it deletes the entire members table.

upvoted 0 times

...

Vicky

9 days ago

Yeah, dropping the entire members table can cause some serious damage. Always important to be aware of these vulnerabilities.

upvoted 0 times

...

Osvaldo

20 days ago

I agree, that SQL query is definitely a classic move.

upvoted 0 times

...

Lucy

1 months ago

I agree, that SQL injection is a classic move. Option B is definitely the correct answer.

upvoted 0 times

...

Caitlin

2 months ago

Hmm, this is a tricky one. I wonder if the attacker is trying to cover their tracks by deleting the evidence? Either way, I'd say option B is the correct answer here. No need to go nuclear on the database!

upvoted 0 times

Lenny

6 days ago

User 3: Option B seems like the right choice then.

upvoted 0 times

...

Sonia

7 days ago

User 2: Yeah, that would definitely cover their tracks.

upvoted 0 times

...

Donette

8 days ago

User 1: I think the attacker is trying to delete the entire members table.

upvoted 0 times

...

Sarina

8 days ago

Melynda: No need to go nuclear on the database, right?

upvoted 0 times

...

Felicitas

11 days ago

User 3: I agree, option B is the correct answer.

upvoted 0 times

...

Melynda

12 days ago

User 2: Yeah, that seems like the most destructive option.

upvoted 0 times

...

Rebecka

19 days ago

User 1: I think the attacker is trying to delete the entire members table.

upvoted 0 times

...

Susana

2 months ago

Whoa, that's some serious SQL injection! I can see why this is a security test. Deleting the entire members table is definitely not what you want to do in a real-world scenario. Better stick to option B and keep things contained.

upvoted 0 times

Ashton

1 months ago

User 2: Definitely, we need to be careful with SQL injection attacks. Option B is the safest choice.

upvoted 0 times

...

Mozell

2 months ago

User 1: Yeah, that SQL query is dangerous. It could delete the entire members table.

upvoted 0 times

...

Oretha

2 months ago

Oh, this is a classic SQL injection attack! The query selects the email, password, login ID, and full name from the members table where the email matches 'attacker@somehwere.com', and then drops the entire members table. That's a pretty destructive move!

upvoted 0 times