SQL injection works as follows
A tool like sqlmap supplies a statement that is always true, like 1=1, which tricks the web page into treating it like a human user rather than a robot.
A tool like sqlmap supplies a statement that is always true, like 1=1, which tricks the database into upgrading the privileges from web user privileges to superuser privileges.
The web user supplies an input string that contains the characters to close off an SQL statement and inject additional SQL code.
The web user supplies a statement that is always true, like 1=1, which tricks the input validation into accepting special characters that would normally be eliminated.
Correct option is - The web user supplies an input string that contains the characters to close off an SQL statement and inject additional SQL code.
SQL injection is a web hacking technique wherein a web user supplies/injects/inserts some malicious SQL code via a webpage to get access to the database and steal confidential information like usernames and passwords from the database, do administrative operations and so on. It works on dynamic queries, meaning queries which are generated during runtime.
For example, an SQL command may require the user's password to authenticate the user, but the web user may inject some SQL-like code which will run on the server, and the web user will get access to the database.
Pwd = getRequestString("password");
txt = "SELECT * FROM User WHERE password = " + Pwd;
The purpose of this SQL command is to get the password to validate the user.
If there is no security mechanism employed, then the user might trick the system by entering wrong information like: pwd = 105 OR 1=1
Then the SQL statement will be something like this:
SELECT * FROM User WHERE password = 105 OR 1=1;
This SQL code is valid and will return ALL rows from the "User" table, since OR 1=1 is always TRUE.
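The same query run against an in-memory SQLite database, first built by concatenation as above and then with a bound parameter, which is the standard fix. This is an added example, not part of the original answer; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding a constructed sample User table."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "User" (name TEXT, password TEXT)')
    conn.executemany(
        'INSERT INTO "User" VALUES (?, ?)',
        # Constructed rows; plaintext passwords only mirror the page's query.
        [("alice", "105"), ("bob", "hunter2"), ("carol", "s3cret")],
    )
    return conn


def lookup_concatenated(conn, pwd):
    """The page's pattern: user input is pasted into the SQL text itself."""
    txt = 'SELECT name FROM "User" WHERE password = ' + pwd + " ORDER BY name"
    return [row[0] for row in conn.execute(txt)]


def lookup_parameterized(conn, pwd):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    txt = 'SELECT name FROM "User" WHERE password = ? ORDER BY name'
    return [row[0] for row in conn.execute(txt, (pwd,))]


if __name__ == "__main__":
    conn = make_db()
    for pwd in ("105", "105 OR 1=1"):
        print(repr(pwd), "concatenated  ->", lookup_concatenated(conn, pwd))
        print(repr(pwd), "parameterized ->", lookup_parameterized(conn, pwd))
```

With the bound parameter, the whole string "105 OR 1=1" is compared to the password column as a single value, so no row matches.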