GIAC Exam GPEN Topic 8 Question 58 Discussion

Actual exam question for GIAC's GPEN exam

Question #: 58
Topic #: 8

[All GPEN Questions]

You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:

SELECT email, passwd, login_id, full_name

FROM members

WHERE email = 'attacker@somehwere.com'; DROP TABLE members; --'

What task will the above SQL query perform?

APerforms the XSS attacks.

BDeletes the entire members table.

CDeletes the rows of members table where email id is 'attacker@somehwere.com' given.

DDeletes the database in which members table resides.

Show Suggested Answer

Suggested Answer: A

by Tanesha at Sep 15, 2024, 09:58 PM

Limited Time Offer

25%

Off

Get Premium GPEN Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Caitlin

1 days ago

Hmm, this is a tricky one. I wonder if the attacker is trying to cover their tracks by deleting the evidence? Either way, I'd say option B is the correct answer here. No need to go nuclear on the database!

upvoted 0 times

...

Susana

9 days ago

Whoa, that's some serious SQL injection! I can see why this is a security test. Deleting the entire members table is definitely not what you want to do in a real-world scenario. Better stick to option B and keep things contained.

upvoted 0 times

...

Oretha

15 days ago

Oh, this is a classic SQL injection attack! The query selects the email, password, login ID, and full name from the members table where the email matches 'attacker@somehwere.com', and then drops the entire members table. That's a pretty destructive move!

upvoted 0 times

...