An administrator discovers the following log entry on a server:
Nov 12 2013 00:23:45 httpd[2342]: GET /app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow
Which of the following attacks is being attempted?
A. Command injection
B. Password attack
C. Buffer overflow
D. Cross-site scripting
A. After further thought, this attack is not one of the 7 primary password attacks, but does fit the description of an injection attack: “With a command injection attack, the goal is to execute arbitrary commands on the host operating system via a vulnerable application.”
B. The Unix/Linux cat command on the shadow file will list the password info. The /etc/shadow file stores the actual password in encrypted format and other password-related information such as user name, last password change date, password expiration values, etc. So the command may be “injection” but the end goal is to list password info. So it's a password attack. Are we to focus on the means or the ends? The means: an injection attack; the ends: to attack the password (shadow) file.
This is a command injection attack because it is attempting to run the cd and cat commands.
Correct Answer is A: Command Injection
https://blogs.getcertifiedgetahead.com/log-entries-and-security/
comptia.real-exams.sy0-501.v2019-06-29.by.kimberly.311q says that the correct answer is A, command injection.
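As an added example (not part of the original question or of any commenter's post), the following shows how a defender could triage such a log line: URL-decode each query parameter, then check the decoded value for shell command separators, path traversal and references to sensitive files. The function names, the check list and the second sample line are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample input: the first line is the entry from the question,
# joined onto one line; the second is a benign request made up for contrast.
SAMPLE_LOG = [
    "Nov 12 2013 00:23:45 httpd[2342]: GET "
    "/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow",
    "Nov 12 2013 00:24:02 httpd[2342]: GET "
    "/app2/prod/proc/process.php?input=change",
]

# Illustrative (not exhaustive) indicators, applied to the decoded value.
CHECKS = {
    "shell-metacharacter": re.compile(r"[;|&`]|\$\("),
    "path-traversal": re.compile(r"\.\./"),
    "sensitive-file": re.compile(r"\b(?:shadow|passwd)\b"),
}


def inspect_request(line):
    """Return {parameter: [names of matched checks]} for one log line."""
    m = re.search(r"\b(?:GET|POST)\s+(\S+)", line)
    if not m:
        return {}
    _, _, query = m.group(1).partition("?")
    hits = {}
    for pair in filter(None, query.split("&")):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %20 and similar before matching
        tags = [tag for tag, rx in CHECKS.items() if rx.search(value)]
        if tags:
            hits[unquote_plus(name)] = tags
    return hits


def looks_like_command_injection(line):
    """True when any parameter carries a shell command separator."""
    return any("shell-metacharacter" in tags
               for tags in inspect_request(line).values())


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(looks_like_command_injection(entry), inspect_request(entry))
```

The separator check is what marks the request as command injection; the traversal and sensitive-file matches only describe what the injected commands were aimed at.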