A penetration tester conducted an assessment on a web server. The logs from this session show the following:
Which of the following attacks is being attempted?
Exam PT0-002 All QuestionsBrowse all questions from this exam
Question 136
Correct Answer: C
The attack being attempted is Parameter Pollution. Based on the URL provided, the attacker is including multiple values for the 'serviceID' parameter, attempting to manipulate how the server processes these parameters. This can lead to unexpected behavior, such as executing a SQL command embedded in the URL. The URL includes a SQL query attempting to drop a table, which indicates an effort to manipulate the query being sent to the server, a clear sign of parameter pollution.
Discussion
Chemical2007Option: C
I think the answer is parameter pollution
RRabbitOption: C
The logs shows that the attacker is attempting to pollute the "serviceID" parameter by providing multiple values for the same parameter in the request. This can cause the server to behave in unexpected ways, potentially leading to security issues such as SQL injection, in this case, the attacker is attempting to add a "DROP TABLE SERVICES" statement to the query being sent to the server in an attempt to delete the services table.
zimuzOption: C
parameter pollution
TheSkyManOption: C
Here's a good explanation and example of HTTP Parameter Pollution: https://book.hacktricks.xyz/pentesting-web/parameter-pollution
ciguy935yaknowOption: C
C https://www.google.com/search?q=parameter+pollution+attack&sxsrf=APwXEdf4-XO-9oWxUd_Z03YOX75kZT2Q3w%3A1680790807394&ei=F9UuZJTkF_OjkPIPz6Gf-AM&ved=0ahUKEwjUy5DYuZX-AhXzEUQIHc_QBz8Q4dUDCBA&uact=5&oq=parameter+pollution+attack&gs_lcp=Cgxnd3Mtd2l6LXNlcnAQAzIFCAAQgAQyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMggIABCKBRCGAzIICAAQigUQhgMyCAgAEIoFEIYDMggIABCKBRCGAzoKCAAQRxDWBBCwA0oECEEYAFC1CliBH2C_IGgBcAF4AIABmgGIAYcNkgEEMS4xM5gBAKABAcgBCMABAQ&sclient=gws-wiz-serp#fpstate=ive&vld=cid:4c1543d3,vid:QVZBl8yxVX0
deeden
Thank you for sharing the link.
[Removed]Option: C
C is correct answer
Mr_BuCk3th34DOption: C
All input validation flaws are caused by unsanitized data flows between the front-end and the several back-ends of a web application. HTTP Parameter Pollution (HPP) attacks can be defined as the feasibility to override or add HTTP GET/POST parameters by injecting query string delimiters. Regular attack: http://webApplication/showproducts.asp?prodID=9 UNION SELECT 1,2,3 FROM Users WHERE id=3 — Source: https://owasp.org/www-pdf-archive/AppsecEU09_CarettoniDiPaola_v0.8.pdf
ronniehaangOption: C
Input validation techniques are the go-to standard for protecting against injection attacks. However, it’s important to understand that attackers have historically discovered ways to bypass almost every form of security control. Parameter pollution is one technique that attackers have used successfully to defeat input validation controls. Parameter pollution works by sending a web application more than one value for the same input variable.
Etc_Shadow28000Option: C
C. Parameter Pollution. The URL in question includes two serviceID parameters (serviceID=892 and serviceID=892 ' ; DROP TABLE SERVICES; --). This is an attempt to manipulate the query and execute a SQL injection attack by introducing a malicious SQL statement. A. Clickjacking: This involves tricking a user into clicking something different from what they perceive, typically by overlaying an invisible frame. This attack is not relevant to the provided URL. B. Session hijacking: This involves stealing or taking over a user’s session. The URL does not indicate any attempt to hijack a session. D. Cookie hijacking: This involves stealing cookies to gain unauthorized access to a user’s session. The URL does not indicate any attempt to hijack cookies. E. Cross-site scripting (XSS): This involves injecting malicious scripts into web pages viewed by others. The URL is clearly trying to execute a SQL command rather than injecting a script.