Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GPEN Exam - Topic 8 Question 58 Discussion

Actual exam question for GIAC's GPEN exam
Question #: 58
Topic #: 8
[All GPEN Questions]

You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:

SELECT email, passwd, login_id, full_name

FROM members

WHERE email = 'attacker@somehwere.com'; DROP TABLE members; --'

What task will the above SQL query perform?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Tanesha at Sep 15, 2024, 09:58 PM

Limited Time Offer

25%

Off

Get Premium GPEN Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Georgene
6 months ago
Nah, it just deletes rows, not the whole table.
upvoted 0 times
...
Frederica
6 months ago
It's a classic SQL injection move.
upvoted 0 times
...
Henriette
6 months ago
Wait, are you sure? That seems extreme!
upvoted 0 times
...
Rosamond
7 months ago
I agree, option B is the right answer.
upvoted 0 times
...
Rossana
7 months ago
Definitely deletes the entire members table.
upvoted 0 times
...
Cecilia
7 months ago
I vaguely recall that the "--" is used for comments in SQL, which means everything after that is ignored. So, it seems like it would delete the table. I’m leaning towards B.
upvoted 0 times
...
Novella
7 months ago
I feel like this could be a trick question. It looks like it might delete the entire members table, but I wonder if it could just delete specific rows instead.
upvoted 0 times
...
Natalie
8 months ago
I remember practicing a similar question where the query dropped a table. I think the answer here is B, but I hope I'm right!
upvoted 0 times
...
Alline
8 months ago
I think this query is trying to exploit SQL injection, but I'm not entirely sure if it actually deletes the whole table or just some rows.
upvoted 0 times
...
Sabina
8 months ago
Okay, I've got this. The SQL query is attempting a SQL injection attack by including a DROP TABLE command after the initial SELECT statement. This would effectively delete the entire members table if successful, so I'll go with option B.
upvoted 0 times
...
Carlota
8 months ago
This is a tricky one. The SQL query looks like it's trying to perform some kind of malicious action, but I'm not entirely sure what the end goal is. I'll need to review my notes on SQL injection attacks to make sure I understand the implications here.
upvoted 0 times
...
Cordelia
8 months ago
Ah, I see what's going on here. The query is using a SQL injection technique to try and execute a DROP TABLE command after the initial SELECT statement. This could potentially delete the entire members table, so I'll select option B.
upvoted 0 times
...
Brittani
8 months ago
Hmm, I'm a bit confused. The query is selecting some data from the members table, but then it's also trying to drop the table. I'm not sure if that would actually work or what the intended effect is. I'll need to think this through more carefully.
upvoted 0 times
...
Darell
8 months ago
This looks like a SQL injection attack. I think the query is trying to delete the entire members table, so I'll go with option B.
upvoted 0 times
...
Herman
8 months ago
I'm a bit confused on this one. Is the unique contact email address the same as the unique contact identifier? I want to make sure I understand the difference before answering.
upvoted 0 times
...
Isaiah
1 year ago
Ah, the age-old battle of the SQL injection vs. the poor, defenseless database. I can just imagine the database admin now, frantically trying to figure out how to undelete the entire 'members' table. Maybe they should just rename it to the 'ex-members' table and call it a day!
upvoted 0 times
...
Maia
1 year ago
Ah, the old 'drop table' trick! Classic SQL injection move. I bet the folks at Secure Inc. are really keeping their popcorn handy for this one. Option B is the way to go, folks.
upvoted 0 times
Dalene
11 months ago
The folks at Secure Inc. must be on high alert for this kind of attack.
upvoted 0 times
...
Margot
11 months ago
I've seen some real chaos caused by SQL injections. It's crucial to stay vigilant and protect against these types of attacks.
upvoted 0 times
...
Gilbert
12 months ago
Yep, option B is the correct answer, it deletes the entire members table.
upvoted 0 times
...
Vicky
12 months ago
Yeah, dropping the entire members table can cause some serious damage. Always important to be aware of these vulnerabilities.
upvoted 0 times
...
Osvaldo
12 months ago
I agree, that SQL query is definitely a classic move.
upvoted 0 times
...
Lucy
1 year ago
I agree, that SQL injection is a classic move. Option B is definitely the correct answer.
upvoted 0 times
...
...
Caitlin
1 year ago
Hmm, this is a tricky one. I wonder if the attacker is trying to cover their tracks by deleting the evidence? Either way, I'd say option B is the correct answer here. No need to go nuclear on the database!
upvoted 0 times
Lenny
12 months ago
User 3: Option B seems like the right choice then.
upvoted 0 times
...
Sonia
12 months ago
User 2: Yeah, that would definitely cover their tracks.
upvoted 0 times
...
Donette
12 months ago
User 1: I think the attacker is trying to delete the entire members table.
upvoted 0 times
...
Sarina
12 months ago
Melynda: No need to go nuclear on the database, right?
upvoted 0 times
...
Felicitas
12 months ago
User 3: I agree, option B is the correct answer.
upvoted 0 times
...
Melynda
12 months ago
User 2: Yeah, that seems like the most destructive option.
upvoted 0 times
...
Rebecka
12 months ago
User 1: I think the attacker is trying to delete the entire members table.
upvoted 0 times
...
...
Susana
1 year ago
Whoa, that's some serious SQL injection! I can see why this is a security test. Deleting the entire members table is definitely not what you want to do in a real-world scenario. Better stick to option B and keep things contained.
upvoted 0 times
Ashton
1 year ago
User 2: Definitely, we need to be careful with SQL injection attacks. Option B is the safest choice.
upvoted 0 times
...
Mozell
1 year ago
User 1: Yeah, that SQL query is dangerous. It could delete the entire members table.
upvoted 0 times
...
...
Oretha
1 year ago
Oh, this is a classic SQL injection attack! The query selects the email, password, login ID, and full name from the members table where the email matches 'attacker@somehwere.com', and then drops the entire members table. That's a pretty destructive move!
upvoted 0 times
Jolanda
12 months ago
Starr: Secure Inc. needs to make sure their clients are protected from these types of attacks.
upvoted 0 times
...
Rolande
1 year ago
User 3: The attacker could potentially delete a lot of important data with that query.
upvoted 0 times
...
Starr
1 year ago
User 2: Definitely, dropping the entire members table is a big security risk.
upvoted 0 times
...
Camellia
1 year ago
User 1: Wow, that's a dangerous SQL injection attack!
upvoted 0 times
...
...
Magdalene
1 year ago
I think the correct answer is B) because the query includes 'DROP TABLE members;' which will delete the entire table.
upvoted 0 times
...
Odelia
1 year ago
C) Deletes the rows of members table where email id is 'attacker@somehwere.com' given.
upvoted 0 times
...
Lucy
1 year ago
B) Deletes the entire members table.
upvoted 0 times
...

Save Cancel