PenTest+ Practice Tests Book:
http://www.companysite.com/about.php?i=../../../etc/passwd
C. - In this scenario, the .. operators are the revealing giveaway that the attacker was attempting to conduct a directory traversal attack. This particular attack sought to break out of the web server’s root directory and access the /etc/passwd file on the server. A directory traversal attack is an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server’s root directory.
Also keep an eye out for URL encoding:
. == %2E
/ == %2F
\ == %5C
eg:
http://www.companysite.com/about.php?i=%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd
upvoted 4 times
...
This section is not available anymore. Please use the main Exam Page.PT0-001 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mr_robot
Highly Voted 5 years agomiabe
Most Recent 2 years, 10 months agobaybay
3 years, 1 month agoCapCrunch
3 years, 10 months ago