I have 2 input fields for: username and password, 1 submit button and 1 gridview to display the details of all employee present in table tblEmployee.
In code page:
dslp = LogIn(UserName.Text, Password.Text); gvUserInfo.DataSource = dslp;
gvUserInfo.DataBind();
When i put correct data and click the button, everything works fine, no problem. Now i want to put some melicious data in the input fields (SQL Injection), something like this:
"' OR 1=1; select * from tblPerson--
and click the submit button then it returns the result of first query ("' OR 1=1) by default. If we specify the table index of dataset at the time when dataset binds to gridview
gvUserInfo.DataSource = dslp.Tables[1];
gvUserInfo.DataBind();
then it displays the result of 2nd table of dataset i.e rows of tblPerson table.
Now my question is:
Can i see the result of 2nd table without specifying the table index explicitely in code, by using some scripting tools in browser.
Note:- Code must not be changed i.e code must be
dslp = LogIn(UserName.Text, Password.Text);
gvUserInfo.DataSource = dslp;
gvUserInfo.DataBind();
