ISC2 Exam CAP Topic 6 Question 81 Discussion

Actual exam question for ISC2's CAP exam
Question #: 81
Topic #: 6

In the screenshot below, an attacker is attempting to exploit which vulnerability?

POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 12345
Connection: keep-alive

Content-Disposition: form-data; name="avatar"; filename="malicious.php"
Content-Type: image/jpeg

phpinfo();
?>

Suggested Answer: C
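
The request above declares `Content-Type: image/jpeg` for a part named `malicious.php` whose body is PHP. The following Python sketch is an added example, not part of the original question or of any real upload handler; it shows a server-side check that ignores the client-declared type and decides on an extension allow-list plus leading file signature. The function name `validate_upload`, the allow-list and the sample parts are assumptions made for illustration.

```python
import os
import uuid

# Allow-list chosen for this example: extension -> accepted leading signatures.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def validate_upload(filename, declared_type, data):
    """Return (ok, reasons, stored_name) for one multipart file part.

    declared_type is the part's Content-Type header. The client sets it,
    so it is only reported, never used to decide.
    """
    reasons = []
    # Drop any path the client supplied, then take the final extension.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        reasons.append(f"extension {ext or '(none)'} is not allow-listed")
    # Compare the first bytes with the signatures for that extension, or
    # with every known signature when the extension was already rejected.
    expected = ALLOWED.get(ext) or tuple(s for v in ALLOWED.values() for s in v)
    if not data.startswith(expected):
        reasons.append("content does not begin with an expected image signature")
    if reasons and declared_type.startswith("image/"):
        reasons.append(f"declared type {declared_type} contradicts the checks above")
    # Accepted files get a server-generated name; the client's name is discarded.
    stored_name = None if reasons else uuid.uuid4().hex + ext
    return (not reasons, reasons, stored_name)


# The file part from the request in the question, as it appears on the page.
QUESTION_PART = ("malicious.php", "image/jpeg", b"phpinfo();\n?>")
# Constructed sample: a JPEG header followed by filler bytes.
GOOD_PART = ("me.JPG", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)

if __name__ == "__main__":
    for part in (QUESTION_PART, GOOD_PART):
        print(part[0], validate_upload(*part))
```

A signature check only inspects the first bytes, so accepted files should still be stored under the generated name in a location the web server does not execute scripts from.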

Contribute your Thoughts:

Lorean
9 days ago
Hmm, this one's tricky. But if I had to guess, I'd say it's a File Upload Vulnerability. Who needs security when you have pure guesswork, am I right?
upvoted 0 times
...
Fausto
12 days ago
I'm not sure, but the fact that the attacker is trying to upload a file called 'malicious.php' makes me think it's some kind of file upload attack. Is that right?
upvoted 0 times
...
Margart
12 days ago
I'm not sure, but it could also be a Server-Side Request Forgery based on the request headers.
upvoted 0 times
...
Theresia
13 days ago
The attacker is trying to upload a malicious PHP file, so the answer is clearly C) File Upload Vulnerability. Easy peasy!
upvoted 0 times
...
Sheridan
13 days ago
I agree with Avery, the payload in the request indicates a File Upload Vulnerability.
upvoted 0 times
...
Avery
14 days ago
I think the attacker is trying to exploit a File Upload Vulnerability.
upvoted 0 times
...
