ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 321 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 321
Topic #: 1
[All 312-50v11 Questions]

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.
Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

  • A. .stm
  • B. .cms
  • C. .rss
  • D. .html
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Scryptic at Sept. 28, 2021, 12:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Scryptic
Highly Voted 2 years, 4 months ago
A Web page with an ".stm" extension is an .HTM file that contains server side includes (SSI). These "includes" are directives that are processed by the Web server when the page is accessed by a user. They are used to generate dynamic content. SSI Web pages can be viewed as a standard HTML page in any browser.
upvoted 12 times
...
victorfs
Most Recent 8 months, 3 weeks ago
Selected Answer: A
The correct option is A. Stm is asp files and they are vulns to SSI attacks html is basic files!
upvoted 1 times
...
GummyBear95
11 months ago
Got this question on the exam 21.02.23
upvoted 4 times
...
Daniel8660
1 year, 3 months ago
Selected Answer: A
Defend Against Injection Attacks - Server-Side Include Injection Avoid using pages with file name extensions such as .stm, .shtm, and .shtml to prevent attacks. (P.1986/1970)
upvoted 4 times
...
Benoit_G
1 year, 4 months ago
Selected Answer: A
.stm Correct answer
upvoted 1 times
Benoit_G
1 year, 4 months ago
"Another way to discover if the application is vulnerable is to verify the presence of pages with extension .stm, .shtm and .shtml" https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection#:~:text=The%20Server%2DSide%20Includes%20attack,use%20through%20user%20input%20fields
upvoted 1 times
...
...
Gerasz87
1 year, 9 months ago
Selected Answer: A
stm In order for a web server to recognize an SSI-enabled HTML file and therefore carry out these instructions, either the filename should end with a special extension, by default .shtml, .stm, .shtm, or, if the server is configured to allow this, set the execution bit of the file https://en.wikipedia.org/wiki/Server_Side_Includes https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection
upvoted 1 times
...
Li8tleOwl
1 year, 11 months ago
Selected Answer: A
Avoid using pages with file name extensions such as .stm, .shtm, and .shtml to prevent attacks pg 1970 CEH official guide
upvoted 4 times
...
harp0202
1 year, 11 months ago
A is correct. The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary codes remotely. It can be exploited through manipulation of SSI in use in the application or force its use through user input fields. Another way to discover if the application is vulnerable is to verify the presence of pages with extension .stm, .shtm and .shtml. (Reference: https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection#:~:text=The%20Server%2DSide%20Includes%20attack,use%20through%20user%20input%20fields)
upvoted 4 times
...
B4RK3
1 year, 11 months ago
Selected Answer: A
correct
upvoted 1 times
...
egz21
2 years ago
Selected Answer: D
Option is D) but .stm is an extensiom of html file
upvoted 1 times
...
egz21
2 years, 1 month ago
thats correct , I share the next explanation: https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection#:~:text=The%20Server%2DSide%20Includes%20attack,use%20through%20user%20input%20fields.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel