A penetration tester is assessing the security of a web form for a client and enters `;id` in one of the fields. The penetration tester observes the following response: Based on the response, which of the following vulnerabilities exists?
C
The following PHP code snippet is vulnerable to a command injection attack:
```php
<?php
print("Please specify the name of the file to delete");
print("<p>");
$file = $_GET['filename'];
// Vulnerable: the user-supplied value is passed to the shell unsanitized
system("rm $file");
?>
```
The following request and response is an example of a successful attack:
Request http://127.0.0.1/delete.php?filename=bob.txt;id
Response
Please specify the name of the file to delete
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Source:
Example 6
https://owasp.org/www-community/attacks/Command_Injection
upvoted 4 times
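
A hardened counterpart to the vulnerable `delete.php` quoted in the comment above, as an added example that is not part of the original comment or the OWASP page. The `UPLOAD_DIR` path and the `safe_delete` helper are assumptions made for illustration; the CLI branch replays the `bob.txt;id` request against a constructed temporary directory.

```php
<?php
declare(strict_types=1);

// Hypothetical directory that holds the deletable files (assumption).
const UPLOAD_DIR = '/var/www/uploads';

function safe_delete(string $name, string $baseDir): bool
{
    // Allow-list the name: no ';', spaces, slashes or other shell/path metacharacters.
    if (preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,254}\z/', $name) !== 1) {
        return false;
    }
    // Resolve symlinks and confirm the target sits directly inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || dirname($path) !== $base || !is_file($path)) {
        return false;
    }
    // unlink() is a direct filesystem call, so no shell ever parses the input.
    return unlink($path);
}

if (PHP_SAPI === 'cli') {
    // Constructed self-check: replays the request from the comment offline.
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'delete_demo_' . getmypid();
    mkdir($dir);
    touch($dir . DIRECTORY_SEPARATOR . 'bob.txt');
    var_dump(safe_delete('bob.txt;id', $dir));    // injected suffix fails the allow-list
    var_dump(safe_delete('../etc/passwd', $dir)); // path traversal fails the allow-list
    var_dump(safe_delete('bob.txt', $dir));       // plain file name is accepted
    rmdir($dir);
} else {
    $name = $_GET['filename'] ?? '';
    if (is_string($name) && safe_delete($name, UPLOAD_DIR)) {
        echo 'Deleted ', htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } else {
        http_response_code(400);
        echo 'Invalid filename';
    }
}
```

The fix removes the shell from the code path entirely rather than trying to escape the input, and the allow-list plus `realpath()` check keeps the deletion confined to one directory.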