MySQL 8.0 Database Administrator — Question 108
Which two queries are examples of successful SQL injection attacks? (Choose two.)
Answer options
- A. SELECT user,passwd FROM members - WHERE user = '?';INSERT INTO members('user','passwd') VALUES ('[email protected]','secret');--';
- B. SELECT id, name FROM user WHERE user.id=(SELECT members.id FROM members);
- C. SELECT id, name FROM user WHERE id=23 OR id=32 OR 1=1;
- D. SELECT id, name FROM user WHERE id=23 OR id=32 AND 1=1;
- E. SELECT email,passwd FROM members WHERE email = 'INSERT INTO members('email','passwd') VALUES ('[email protected]', 'secret');--';
- F. SELECT user, phone FROM customers WHERE name = '\; DROP TABLE users; --';
Correct answer: D, E
Explanation
The correct answers, D and E, both demonstrate SQL injection by manipulating the query logic. Option D uses a condition that always evaluates to true (1=1), allowing unauthorized access, while option E attempts to insert a new user through an altered email condition. The other options either do not reflect SQL injection or do not successfully manipulate the database in a harmful way.