Exam SY0-401 topic 3 question 98 discussion

Actual exam question from CompTIA's SY0-401

Question #: 98
Topic #: 3

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form,
Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

A. SQL injection
B. XML injection
C. Packet sniffer
D. Proxy

Show Suggested Answer

Suggested Answer: B 🗳️
When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the users input and sanitize it to make certain that it does not cause XPath to return more data than it should.

by [deleted] at March 9, 2025, 5:07 a.m.

Comments

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!