Exam 312-50v11 topic 1 question 223 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 223
Topic #: 1

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server.
What is the type of attack Jason performed in the above scenario?

  • A. Web server misconfiguration
  • B. Server-side request forgery (SSRF) attack
  • C. Web cache poisoning attack
  • D. Website defacement
Suggested Answer: B

Comments

Novmejst
Highly Voted 1 year, 4 months ago
B. Server-side request forgery (SSRF) attack - ... server-side requests are initiated to obtain information from an external resource and feed it into an application. For instance, a designer can utilize a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed. If attackers can alter the URL input to the localhost, then they can view all the local resources on the server. This is how SSRF vulnerabilities evolve ... CEH Module 13 Page 1626
upvoted 6 times
Daniel8660
Most Recent 6 months, 3 weeks ago
Selected Answer: B
Server-Side Request Forgery (SSRF) Attack: Attackers exploit SSRF vulnerabilities in a public web server to send crafted requests to the internal or back end servers that are protected by a firewall. A designer can utilize a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed. If attackers can alter the URL input to the localhost, then they can view all the local resources on the server. This is how SSRF vulnerabilities evolve. Once the attack is successfully performed, the attackers can perform various activities such as port scanning, network scanning, IP address discovery, reading web server files, and bypassing host-based authentication. (P.1642/1626)
upvoted 2 times
ANDRESCB1988
1 year, 9 months ago
correct
upvoted 2 times
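
The defensive side of the scenario discussed above, as an added example that is not part of the exam material or of any commenter's post: a check a feed fetcher could run on the `url` parameter before making the server-side request. The names `vet_feed_url`, `system_resolver` and `is_public`, the http/https-on-80/443 policy, and treating scheme-less input as https are all assumptions made for this sketch.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}  # the only schemes and ports allowed

def system_resolver(host):
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})  # every address the OS may use

def is_public(ip_text):
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # classify ::ffff:a.b.c.d as the IPv4 it wraps
    return ip.is_global  # False for loopback, private, link-local, reserved

def vet_feed_url(raw, resolver=system_resolver):
    """Return (ok, reason, vetted_ips) for a user-supplied feed URL."""
    if "://" not in raw:
        raw = "https://" + raw  # assumption: scheme-less input means https
    try:
        parts = urlsplit(raw)
        port = parts.port if parts.port is not None else DEFAULT_PORT.get(parts.scheme)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in DEFAULT_PORT:
        return False, "scheme not allowed", []
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials", []
    if port not in DEFAULT_PORT.values():
        return False, "port not allowed", []
    try:
        ips = [str(ipaddress.ip_address(parts.hostname))]  # literal IP: no lookup
    except ValueError:
        try:
            ips = resolver(parts.hostname)
        except OSError:
            ips = []
    if not ips:
        return False, "host does not resolve", []
    blocked = [ip for ip in ips if not is_public(ip)]  # one bad answer rejects all
    if blocked:
        return False, "resolves to non-public address " + blocked[0], []
    return True, "ok", ips

if __name__ == "__main__":  # constructed offline sample, not real DNS data
    dns = {"externalsite.com": ["8.8.8.8"], "localhost": ["127.0.0.1", "::1"]}
    for url in ("externalsite.com/feed/to", "localhost/", "http://[::1]/"):
        print(url, vet_feed_url(url, dns.__getitem__))
```

The fetcher should connect to one of the returned addresses rather than resolving the name a second time, and should run the same check on every redirect target before following it.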