CompTIA Security+ Exam: Identifying Attacks on Web Application Firewalls


Question

A security analyst receives an alert from a WAF with the following payload:

var data= '<test test test>' ++ <../../../../../../etc/passwd>'

Which of the following types of attacks is this?

Answers

Explanations


D.

The payload provided in the question is attempting to get past the web application firewall (WAF) by embedding a malicious string inside an apparently legitimate one.

The payload consists of two parts:

  1. The first part (<test test test>) is a benign string that is used to disguise the second part of the payload.

  2. The second part (<../../../../../../etc/passwd>) is the malicious portion, which attempts to access a sensitive system file.

Based on the nature of the payload, we can identify that this is a type of attack known as a Path Traversal attack.

Path Traversal attacks involve the attacker manipulating input data so that the application reads files or directories outside of the web application's root directory. The repeated ../ sequences climb up the directory tree, and in this case the attacker is attempting to reach /etc/passwd, the file that holds user account information on a Linux system.

Therefore, the correct answer to this question is: C. SQL injection.
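As an added illustration of how an analyst might triage such an alert (this is example code, not from the page or any WAF vendor), the following Python function normalizes a payload, counts the ../ or ..\ climbing sequences, and checks for well-known target files. The payload from the question is included as-is; the other sample alerts, the list of sensitive file names, and the double URL-decoding step are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Payload quoted in the exam question (copied from the page).
PAGE_PAYLOAD = "var data= '<test test test>' ++ <../../../../../../etc/passwd>'"

# Constructed sample alerts (not from the page): a benign request, a
# URL-encoded traversal, and a Windows-style backslash traversal.
SAMPLE_PAYLOADS = [
    PAGE_PAYLOAD,
    "var data= '<hello world>'",
    "file=..%2F..%2F..%2Fwindows%2Fwin.ini",
    "path=..\\..\\..\\boot.ini",
]

# One "../" or "..\" step, matched after decoding.
DOT_DOT_SEGMENT = re.compile(r"\.\.[\\/]")

# Files that traversal payloads commonly aim at (assumed watch-list).
SENSITIVE_TARGETS = ("/etc/passwd", "/etc/shadow", "win.ini", "boot.ini")


def normalize(payload: str) -> str:
    """Undo URL encoding twice (to catch double encoding) and lower-case."""
    decoded = payload
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.lower()


def classify(payload: str) -> dict:
    """Return the attack class, how many directory levels are climbed,
    and which sensitive file (if any) the payload names."""
    norm = normalize(payload)
    steps = DOT_DOT_SEGMENT.findall(norm)
    target = next((t for t in SENSITIVE_TARGETS if t in norm), None)
    return {
        "attack": "path traversal" if steps else "none",
        "traversal_depth": len(steps),
        "target": target,
    }


if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(f"{p!r:60} -> {classify(p)}")
```

On the question's payload the classifier reports six ../ steps and /etc/passwd as the target, which is exactly the reasoning the explanation walks through; the benign `<hello world>` sample is left unflagged, showing that the angle-bracket wrapper itself is not what makes the alert interesting.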