Comptia-PenTest-pt0-001 – Question107

Joe, an attacker, intends to transfer funds discreetly from a victims account to his own. Which of the following URLs can he use to accomplish this attack?

A.
https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount=OR 1=1 AND select username from testbank.custinfo where username like Joe-&amount=200
B. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount=OR 1=1 AND select username from testbank.custinfo where username like Joe &amount=200
C. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount=OR 1=1 AND select username from testbank.custinfo where username like Joe -&amount=200
D. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount=AND 1=1 AND select username from testbank.custinfo where username like Joe -&amount=200

Section: (none)

Correct Answer: B