Web application security - the fast guide 1.1 | Page 155

Chapter 7 - Attack execution (3)

7.12 QUIZ:

1. Most operating system attacks through applications are caused by:
   a. Passing malicious parameters to CGI
   b. Injected inputs passed to an execution API such as exec in PHP
   c. Special characters that have special meaning in the context of the OS in use
   d. All the above

2. To attack a web server's file system, an attacker should begin by searching for:
   a. If a weak password exists
   b. Intersected functionalities having different privilege levels
   c. Dynamically inserted code or paths
   d. Impersonated functionalities

3. Path traversal sequence can be effectively used in:
   a. Brute force attack
   b. Session hijacking
   c. File system attack
   d. All the above

4. Path traversal sequence can be effectively used in:
   a. Brute force attack
   b. Session hijacking
   c. File system attack
   d. All the above

5. Mail service attack is dangerous due to the fact that:
   a. The victim is used as a spam zombie and holds legal responsibility
   b. It causes great damage to files and directory structure
   c. It is a persistent type of attack that affects anyone who visits the vulnerable website
   d. All the above

6. The main difference between SMTP injection and SMTP header manipulation is:
   a. SMTP injection can be done even with input sanitization
   b. SMTP header manipulation allows a higher level of control over the file system
   c. SMTP header manipulation allows sending spam mail at a time when it is not doable with SMTP injection
   d. SMTP injection can generate a message totally controlled by the attacker

7. Attacking XML is possible only when:
   a. Echo functionality is available.