Certified Ethical Hacker (CEH v10) — Question 10

If an attacker uses the command SELECT*FROM user WHERE name = "˜x' AND userid IS NULL; --"˜; which type of SQL injection attack is the attacker performing?

Answer options

• A. End of Line Comment
• B. UNION SQL Injection
• C. Illegal/Logically Incorrect Query
• D. Tautology

Correct answer: A

Explanation

The command uses the '--' to comment out the rest of the SQL statement, indicating it's an End of Line Comment SQL injection. The other options do not fit this scenario as the attacker is not trying to combine queries (B), create an invalid query (C), or manipulate logical conditions (D).