David is working on a pen testing assignment as a junior consultant. His supervisor told him to test a web application for SQL injection. The supervisor also informed David the web application is known to be vulnerable to the "admin' OR '" injection. When David tried this string, he received a WAF error message the input is not allowed. Which of the following strings could David use instead of the above string to bypass the WAF filtering?
A) exec sp_addsrvrolemember 'name ' , 'sysadmin '
B) ' union select
C) admin') or '1'='1'--
D) 'or username like char(37) ;
Correct Answer:
Verified
Q260: William, a penetration tester in a pen
Q261: Smith, a pen tester, has been hired
Q262: Dale is a penetration tester and security
Q263: What is the purpose of a Get-Out-of-Jail-Free
Q264: Charles, a network penetration tester, is part
Q266: Jackson, a social media editor for Early
Q267: Jacob is a penetration tester at TechSoft
Q268: ABC bank, a UK-based bank hired Anthony,
Q269: An organization recently faced a cyberattack where
Q270: John, a security analyst working for LeoTech
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents