In CEH v13 Module 10: Injection Attacks, the SQL Injection technique is covered extensively. A common attack method is to manipulate the input fields so that the resulting SQL query becomes logically always true, effectively bypassing authentication.
Given the input:
Username: attack' or 1=1 --
Password: 123456
And assuming the original SQL query is:
SELECT * FROM Users WHERE UserName = '' AND UserPassword = '';
When inputs are substituted, the query becomes:
SELECT * FROM Users WHERE UserName = 'attack' or 1=1 --' AND UserPassword = '123456';
The -- sequence is used in SQL to indicate a comment. Everything after -- is ignored by the SQL engine. So the query essentially becomes:
SELECT * FROM Users WHERE UserName = 'attack' or 1=1;
The WHERE clause of this query is always true because of 1=1, so if the application is vulnerable, it grants access regardless of the password.
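The substitution described above, and the fix for it, as an added example that is not part of the CEH material. It assumes Python's sqlite3 with an in-memory database; the table rows and function names are constructed for illustration. The concatenated query reproduces the injected statement shown above, while the parameterized query treats the same input as plain data.

```python
import sqlite3

PAYLOAD_USER = "attack' or 1=1 --"   # username input from the question
PAYLOAD_PASS = "123456"              # password input from the question


def make_db():
    """Build a constructed Users table matching the columns in the page's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserName TEXT, UserPassword TEXT)")
    # Constructed sample rows; plaintext passwords only to mirror the page's query.
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("alice", "S3cret!"), ("bob", "hunter2")])
    return db


def build_concatenated(username, password):
    """Vulnerable pattern: user input is pasted directly into the SQL text."""
    return ("SELECT * FROM Users WHERE UserName = '" + username +
            "' AND UserPassword = '" + password + "';")


def login_vulnerable(db, username, password):
    """Run the concatenated query; the input can change the query's structure."""
    return db.execute(build_concatenated(username, password)).fetchall()


def login_parameterized(db, username, password):
    """Hardened pattern: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT * FROM Users WHERE UserName = ? AND UserPassword = ?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("Query sent by vulnerable code:")
    print(" ", build_concatenated(PAYLOAD_USER, PAYLOAD_PASS))
    print("Rows returned (vulnerable):   ",
          login_vulnerable(db, PAYLOAD_USER, PAYLOAD_PASS))
    print("Rows returned (parameterized):",
          login_parameterized(db, PAYLOAD_USER, PAYLOAD_PASS))
    print("Valid login (parameterized):  ",
          login_parameterized(db, "alice", "S3cret!"))
```

With the parameterized version the database looks for a user literally named `attack' or 1=1 --`, finds none, and the login fails.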
Option Analysis:
A. Incorrect – Contains '' (double quote) after attack, which would cause a syntax error due to extra quotation marks.
B. Correct – This is the accurate representation of what the SQL query would look like with a successful injection.
C. Incorrect – The input string is malformed, combining input into one literal string.
D. Incorrect – Misplacement of ' after the comment token -- invalidates the SQL syntax.
Reference from CEH v13 Study Materials:
Module 10 – Injection Attacks, Section: SQL Injection – Authentication Bypass
CEH v13 eCourseware Practical Lab: Exploiting SQL Injection Vulnerability in Login Forms
CEH Engage – Web Application Testing Phase: SQLi Exploitation in Login Panels