
Exam CAS-004 topic 1 question 318 discussion

Actual exam question from CompTIA's CAS-004
Question #: 318
Topic #: 1

HOTSPOT
-

A product development team has submitted code snippets for review prior to release.


INSTRUCTIONS
-

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Code Snippet 1
-

Code Snippet 2
-

Suggested Answer:

Comments

ViBy
Highly Voted 1 year, 8 months ago
Code Snippet 1
Vulnerability: Insecure direct object reference
Fix: Ensure userid belongs to logged-in user.
The potential vulnerability here is not about SQL injection but about the direct use of a user-provided userid without verifying whether the user is authorized to view or interact with the specified user ID, which leads to Insecure Direct Object References (IDOR).

Code Snippet 2
Vulnerability: Command injection
Fix: Perform input sanitization of the userid field.
There is no evidence in the provided code of credentials being passed or an "authenticated" value being present or checked. The vulnerability here is not related to credential handling but to the execution of potentially unsafe commands.
upvoted 14 times
weaponxcel
Highly Voted 1 year, 9 months ago
The solution is completely incorrect:
Snippet 1: Vulnerability: Insecure direct object reference (IDOR). Fix: Ensure userid belongs to logged-in user.
Snippet 2: Vulnerability: Command injection. Fix: Remove the serve_forever instruction.
upvoted 7 times
weaponxcel
1 year, 9 months ago
Actually the fix for snippet 2 should be: Perform input sanitization for userid field
upvoted 7 times
OdinAtlasSteel
1 year, 9 months ago
Uncle_Lucifer said that he passed the simulation with the given solution. That's going to be hard to refute.
upvoted 3 times
Test1269
1 year, 5 months ago
How would he know? You don't receive feedback saying you got the question right or wrong.
upvoted 11 times
19729c1
Most Recent 11 months, 2 weeks ago
According to Copilot, and it really makes sense, the correct answer is: Code Snippet 1 Vulnerability: Indirect object reference; Fix: Ensure userid belongs to logged-in user. Code Snippet 2 Vulnerability: Credentials passed via GET; Fix: HTTP POST should be used for sensitive parameters.
upvoted 1 times
MacherGaming
1 year, 1 month ago
I was initially sold on SQL Injection for Snip1, but I also don't know Java. This led me to research the code. The "PreparedStatement" is a common method for preventing SQL injection which treats the users' input as a placeholder vs. directly inserted in the query string. Snip1: IDOR - Ensure 'userid' belongs to logged-in user. Snip2 is in Python and made more sense to me and process of elimination got me to Command Injection but still had to research what was going on. When they define 'get_request' the userid parameter ends up being directly inserted into a shell command via 'ldaplookup' > 'accountlookup' in the 'subprocess.popen' command. So... replacing userid with a malicious command ends up as a shell command. Snip2: Command Injection - Perform input sanitization of the userid field
upvoted 2 times
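The two fixes the commenters converge on (an ownership check for snippet 1, and input sanitization with no shell for snippet 2), as an added Python example that is not the exam's code. The snippet images are absent from this page, so the handler shape, the function names and the LDAP base DN are assumptions taken from the comments' description.

```python
# Added example, not the exam's snippets (those are images not reproduced here).
# Assumed shape, from the comments above: a web handler receives ?userid=...,
# (1) looks up that user's record and (2) runs an ldapsearch command with it.
import re
import subprocess  # only used in run_lookup; nothing is executed by the tests

# Allow-list: a userid is a short decimal string and nothing else.
USERID_RE = re.compile(r"^[0-9]{1,10}$")


class Forbidden(Exception):
    """Raised when the requested object does not belong to the session user."""


def validate_userid(raw: str) -> str:
    """Input sanitization for the userid field (the snippet 2 fix).
    Anything outside the allow-list is rejected, so shell metacharacters,
    whitespace and LDAP filter syntax never reach a command or a filter."""
    if not USERID_RE.fullmatch(raw):
        raise ValueError("invalid userid")
    return raw


def authorize_lookup(session_userid: str, requested_userid: str) -> str:
    """IDOR fix for snippet 1: the userid in the request must be the userid of
    the logged-in session, not just any well-formed id the caller supplies."""
    requested = validate_userid(requested_userid)
    if requested != session_userid:
        raise Forbidden("userid does not belong to logged-in user")
    return requested


def ldap_lookup_argv(userid: str, base_dn: str = "ou=people,dc=example,dc=com") -> list:
    """Build the ldapsearch command as an argv list (base_dn is an assumed value).
    The list form is passed to subprocess without a shell, so the userid is one
    argument and can never be parsed as command text, even before validation."""
    uid = validate_userid(userid)
    return ["ldapsearch", "-x", "-LLL", "-b", base_dn, f"(uid={uid})", "cn", "mail"]


def run_lookup(session_userid: str, requested_userid: str) -> subprocess.CompletedProcess:
    """Hardened handler: authorize, validate, then run with an argv list (no shell=True)."""
    argv = ldap_lookup_argv(authorize_lookup(session_userid, requested_userid))
    return subprocess.run(argv, capture_output=True, text=True, check=False)
```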
e4af987
1 year, 4 months ago
Snippet 1 = SQL Injection; Snippet 2 = Command Injection. The fix for both is Perform Input Sanitization. I recreated it and asked Gemini.
upvoted 3 times
armid
1 year, 1 month ago
It cannot be IDOR; if people are going just by the ?userid=103, then by that logic the answer to both is IDOR. Number one is SQL injection, just enter logic bomb instead of userid and it will list all users. Second script is using the ldapsearch utility, which is a command line util. I see a good chance of injecting malicious commands unless input is sanitized.
upvoted 1 times
biggytech
1 year, 8 months ago
These answers are correct. The PenTest+ exam has a similar vulnerability/attack identification section. First one is certainly an SQL injection, and input sanitization/parameterized queries are always the go-to. The second one is clearly a GET request to find/grab credentials.
upvoted 2 times
CoolCat22
1 year, 11 months ago
I'm pretty sure 1 is IDOR.
upvoted 4 times
CXSSP
1 year, 11 months ago
Does anyone know if this is correct?
upvoted 1 times
Uncle_Lucifer
1 year, 11 months ago
Yes, it is. I passed all my PBQ and simulation. This came out. I took it this week.
upvoted 15 times