Exam PT0-001 topic 1 question 110 discussion

Actual exam question from CompTIA's PT0-001
Question #: 110
Topic #: 1

A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL: http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd
Which of the following attack types is MOST likely to be the vulnerability?

  • A. Directory traversal
  • B. Cross-site scripting
  • C. Remote file inclusion
  • D. User enumeration
Suggested Answer: B

Comments

boblee
Highly Voted 4 years, 10 months ago
Answer is A
upvoted 16 times
D1960
Highly Voted 5 years, 2 months ago
Maybe: A. Directory traversal ? I don't think those are supposed to be "V"s but rather forward slash next to a back slash: \/ not V. Take a look at examtopic question 114.
upvoted 7 times
mr_robot
5 years, 1 month ago
Agree with you. This is taken from PenTest+ Practice Tests Book:
http://www.companysite.com/about.php?i=../../../etc/passwd
In this scenario, the .. operators are the revealing giveaway that the attacker was attempting to conduct a directory traversal attack. This particular attack sought to break out of the web server’s root directory and access the /etc/passwd file on the server. A directory traversal attack is an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server’s root directory.
upvoted 11 times
nadarajabs
3 years, 8 months ago
but it is _V not ../
upvoted 1 times
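
A log check for the request pattern discussed in this thread, added here as an example and not part of the original discussion. `WEB_ROOT`, the function names and all sample URLs except the one quoted from the practice-test book are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qsl, unquote

WEB_ROOT = "/var/www/html"  # assumed document root, not stated on the page

# Constructed sample requests; only the second URL is quoted in the thread.
SAMPLE_URLS = [
    "http://www.companysite.com/about.php?i=team.html",
    "http://www.companysite.com/about.php?i=../../../etc/passwd",
    "http://www.companysite.com/about.php?i=%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "http://www.companysite.com/about.php?i=%252e%252e%252fetc%252fpasswd",
    "http://www.companysite.com/about.php?i=..%5c..%5cetc%5cpasswd",
    "http://www.companysite.com/about.php?i=/etc/passwd",
]

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def escapes_root(value, root=WEB_ROOT):
    """True if the value, joined to root, resolves to a path outside root."""
    candidate = posixpath.normpath(posixpath.join(root, normalize(value)))
    return candidate != root and not candidate.startswith(root + "/")

def flag_traversal(urls):
    """Return (url, parameter, normalized value) for each suspicious parameter."""
    hits = []
    for url in urls:
        # parse_qsl already percent-decodes once; normalize() handles the rest.
        for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            value = normalize(raw)
            # Any ".." segment is worth triage; absolute paths are caught
            # by the containment check even without "..".
            if ".." in value.split("/") or escapes_root(raw):
                hits.append((url, name, value))
    return hits

if __name__ == "__main__":
    for url, name, value in flag_traversal(SAMPLE_URLS):
        print(f"{name}={value!r}  <-  {url}")
```

The same `escapes_root` containment test, applied to the resolved path before a file is opened, is the server-side control that makes the `i` parameter safe regardless of how the input was encoded.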
miabe
Most Recent 2 years, 10 months ago
Selected Answer: A
looks good to me
upvoted 1 times
Cock
3 years, 2 months ago
It was on the exam. Same Vs appear
upvoted 2 times
DohJayVeh
3 years, 5 months ago
Answer is B. For it to be directory traversal you would need to see /../
upvoted 1 times
runagerj
3 years, 7 months ago
A appears to be the correct answer because they are trying to go after the /etc/passwd file. Again why are so many of these apparently wrong?
upvoted 1 times
mar7865p123
4 years ago
it is A
upvoted 2 times
ade2901296
4 years ago
Answer is B. Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting, commonly referred to as XSS, occurs when hackers execute malicious JavaScript within a victim’s browser. What can directory traversal do to a server? An attacker may use directory traversal to download server configuration files, which contain sensitive information and potentially expose more server vulnerabilities. Ultimately, the attacker may access confidential information or even get full control of the server.
upvoted 1 times
x0hmei
3 years, 11 months ago
They are clearly going after the passwd file is what, but you go ahead and do B and I'll do A
upvoted 8 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other