Exam 312-50v11 topic 1 question 383 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 383
Topic #: 1

Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files.
What is the type of injection attack Calvin's web application is susceptible to?

  • A. CRLF injection
  • B. Server-side template injection
  • C. Server-side JS injection
  • D. Server-side includes injection
Suggested Answer: D

Comments

blacksheep6r
Highly Voted 1 year, 8 months ago
Server-side Includes is an application feature that helps designers to auto-generate the content of the web page without manual involvement. Attackers exploit this feature to pass malicious SSI directives as input values and perform malicious activities.
upvoted 8 times
...
Daniel8660
Most Recent 8 months, 1 week ago
Selected Answer: D
Web Application Threats - A1 - Injection Flaws
Other Injection Attacks - Server-Side Includes Injection
Server-side Includes is an application feature that helps designers to auto-generate the content of the web page without manual involvement. Attackers launch server-side injection attacks to take control over web applications integrated with SSI directives. Attackers exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files, running shell commands, and taking control over critical files such as “/etc/passwd”. (P.1756/1740)
upvoted 2 times
...
pyw
1 year ago
answer is IN the question
upvoted 3 times
...
jinjection
1 year, 8 months ago
correct
upvoted 4 times
...