Question:
I have a snippet of my Java code that connects to the login page. I also have six tables in the customer database. You can assume that all of the datatypes are VARCHAR(20). I know it is vulnerable to SQL injection, but I'm not exactly sure what five attacks could be done that use five different attack vectors, and provide five different extractions that come from the different tables in the database. I also need to understand the mechanisms of the five different attacks.
Java snippet:
read = new Scanner(System.in);
// ...
System.out.println("Enter email: ");
String email = read.nextLine();
System.out.println("Enter password: ");
String password = read.nextLine();
// Connect to the database.
Connection conn = DriverManager.getConnection(URL, USER, PASS);
Statement stmt = conn.createStatement();
// ...
String sql = "SELECT CustomersName FROM Customers, CustomersSecret WHERE Customers.CustomerEmail = '" + email + "' AND CustomersSecret.CustomerPassword = '" + password + "'";
// ...
ResultSet results = stmt.executeQuery(sql);
while (results.next()) { }
Tables:
Customers: CustomerName, CustomerID, CustomerEmail
CustomersSecret: CustomerID, CustomerPassword, CustomerAddress, CustomerPhone, CustomersBankCardInfo
Employee: EmployeeID, EmployeeName, EmployeeEmail
EmployeeSecret: EmployeeID, EmployeeAddress, EmployeePhone
Orders: OrderID, OrderDescription, OrderDate, ShipperID, CustomerID, EmployeeID, ProductDescription, Quantity
Shippers: ShipperID, ShipperName, Phone
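The same login lookup with bound parameters, as an added example that is not part of the original question. The JDBC URL and credentials are placeholders, and the names SafeLogin, fitsColumn and login, the length check, and the join on CustomerID are assumptions made for this illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.Scanner;

public class SafeLogin {
    // Placeholders (assumptions): replace with the real JDBC settings.
    private static final String URL = "jdbc:<driver>://<host>/<database>";
    private static final String USER = "<db-user>";
    private static final String PASS = "<db-password>";

    // Same lookup as the question's query (column name as written there), but
    // the inputs are bound parameters and the tables are joined on CustomerID,
    // so an email only matches the password stored for that same customer.
    private static final String LOGIN_SQL =
        "SELECT c.CustomersName FROM Customers c "
      + "JOIN CustomersSecret s ON s.CustomerID = c.CustomerID "
      + "WHERE c.CustomerEmail = ? AND s.CustomerPassword = ?";

    // Every column in the question is VARCHAR(20); reject anything that cannot fit.
    static boolean fitsColumn(String value) {
        return value != null && !value.isEmpty() && value.length() <= 20;
    }

    static Optional<String> login(Connection conn, String email, String password)
            throws SQLException {
        if (!fitsColumn(email) || !fitsColumn(password)) return Optional.empty();
        try (PreparedStatement ps = conn.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, email);    // sent as data, never parsed as SQL text
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.ofNullable(rs.getString(1)) : Optional.empty();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        Scanner read = new Scanner(System.in);
        System.out.println("Enter email: ");
        String email = read.nextLine();
        System.out.println("Enter password: ");
        String password = read.nextLine();
        try (Connection conn = DriverManager.getConnection(URL, USER, PASS)) {
            System.out.println(login(conn, email, password)
                .map(n -> "Welcome, " + n).orElse("Login failed."));
        }
    }
}
```

Because the statement text is fixed before any input arrives, quote characters in the email or password are compared as literal characters instead of changing the query's structure.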
