Web Fundamentals 3

Which tool can be useful when testing parameter manipulation?
Browser
Webserver
Proxy
Email Address
Proxy
Which of the following is not a common CMS (Content Management System)?
WordPress
PressWord
Joomla
Drupal
PressWord
Which of the following is a common vulnerability for Drupal?
Droop
DrupalShot
DrupalZilla
Drupalgeddon
Drupalgeddon
What is the difference between WWW and the internet?
Both are the same
WWW is indexed pages
WWW does not use DNS
Internet is indexed web pages
WWW is indexed pages
What is one of the reasons that command injection may exist?
incorrect SIEM implementation
use of command line
lack of input validation
web servers having incorrect permissions
lack of input validation
Is it possible to manipulate hidden parameters in a proxy?
Yes
hidden parameters are protected
hidden parameters are not visible
yes but only by breaking Burp Terms & Conditions
Yes
What is needed for CSRF to be successful?
a URL
a phishing email
Cookie based session handling
physical access to the target machine
Cookie based session handling
www.northgreen-insecure.com/server.php?cmd=pwd may be vulnerable to what kind of attack?
Command Injection
Cross-Site Scripting (XSS)
SQL injection
user enumeration
Command Injection
Which vulnerability is most likely to lead to an attacker attempting privilege escalation on the underlying web server?
Cross-Site Scripting (XSS)
Command Injection
Cross-Site Request Forgery
Parameter Encoding
Command Injection
What is a key risk of CMS platforms?
CMS platforms do not have any major risks
They cannot be protected against DDoS attacks
That the code will exhaust server memory
One vulnerability could impact multiple sites
One vulnerability could impact multiple sites