Investigating_Web_Attacks Flashcards

1
Q

((\%3C)|<)

A

It looks for an opening angle bracket or its hex (URL-encoded) equivalent.

2
Q

((\%2F)|\/)*

A

It optionally matches (zero or more times) the forward slash of a closing tag, or its hex equivalent.

3
Q

[a-zA-Z0-9\%]+

A

It matches one or more upper- or lower-case alphanumeric characters inside the tag (the tag name), or their hex equivalent.

4
Q

((\%3E)|(\%253E)|>)

A

It looks for a closing angle bracket, its hex equivalent (%3E), or its double-encoded form (%253E).

5
Q

Operators: `` (backticks), $()

A

These operators ask the command line to execute the command enclosed within them (command substitution).

6
Q

Logical operator: &&

A

The function of the AND operator (&&) is to execute a subsequent command if the execution of the previous command succeeds.

7
Q

Logical operator: ||

A

Also known as the OR operator, || allows the execution of a subsequent command if the execution of the previous command fails.

8
Q

Pipe Operator: |

A

The pipe operator (|) attaches the output of one command as the input for another.

9
Q

/exec(\s|\+)+(s|x)p\w+/ix

A

Regex for Detecting SQL Injection Attacks on an MSSQL Server

10
Q

/((\%27)|('))union/ix

A

Regex for Detecting SQL Injection with the UNION Keyword

11
Q

/(\%27)|(')|(--)|(\%23)|(#)/ix

A

Regex for Detecting SQL Meta-Characters

12
Q

/((\%3C)|<)((\%2F)|\/)*[a-zA-Z0-9\%]+((\%3E)|(\%253E)|>)/ix

A

Regex for Detecting Simple XSS Attack

13
Q

script with toggle case

A

<script>
alert("XSS")
</script>

14
Q

Hex encoded script

A

%3cscript%3ealert("XSS")%3c/script%3e

15
Q

normal script

A

<script>
alert("XSS")
</script>

16
Q

double encoded script

A

%253cscript%253ealert(1)%253c/script%253e

17
Q

/(javascript|vbscript|script|embed|object|iframe|frameset)/i

A

Regex for detecting an HTML tag-based XSS attempt.

18
Q

/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/i

A

Regex for detecting an "<img src" XSS attack

19
Q

/((\%3C)|<)[^\n]+((\%3E)|>)/i

A

Paranoid regex for CSS (cross-site scripting, i.e. XSS) attacks

20
Q

%3C - hex value

A

< - decoded

21
Q

%3E - hex value

A

> - decoded

22
Q

%28 - hex value

A

( - decoded

23
Q

%2F - hex value

A

/ - decoded

24
Q

%29 - hex value

A

) - decoded