Exam 312-50v11 topic 1 question 225 discussion

Actual exam question from ECCouncil's 312-50v11

Question #: 225
Topic #: 1

While testing a web application in development, you notice that the web server does not properly ignore the `dot dot slash` (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server.
What kind of attack is possible in this scenario?

A. Cross-site scripting
B. SQL injection
C. Denial of service
D. Directory traversal

Show Suggested Answer

Suggested Answer: D 🗳️

by ANDRESCB1988 at July 23, 2021, 6:25 a.m.

Comments

Submit Cancel

Daniel8660

6 months, 3 weeks ago

Selected Answer: D

Web Server Attacks - Directory Traversal Attacks Poorly patched or configured web server software can make the web server vulnerable to a directory traversal attack.Directory traversal is the exploitation of HTTP through which attackers can access restricted directories and execute commands outside the web server’s root directory by manipulating a Uniform Resource Locator (URL).Attackers use the ../ (dot-dot-slash) sequence to access restricted directories outside the web server root directory. (P.1627/1611)

upvoted 2 times

...

MksYi

1 year, 3 months ago

correct

upvoted 1 times

...

Novmejst

1 year, 4 months ago

D. Directory traversal - ... Indirectory traversal attacks, attackers use the../ (dot-dot-slash) sequenceto access restricted directories outside the web server root directory ... CEH - Module 13 Page 1611

upvoted 4 times

...

ANDRESCB1988

1 year, 9 months ago