An attacker enters the string ‘John’ or ‘1=1’ on a web form that is connected to a back-end SQL server, causing the server to display all records in the database table. Which type of SQL injection attack was used in this scenario?
- inferential SQL injection
- error-based SQL injection
- boolean SQL injection
- out-of-band SQL injection
Explanation & Hints:
Since the string ‘1=1’ is always true, the search string serves as a Boolean value of TRUE, causing the database system to display all records.