An administrator is reviewing logs and sees the following entry:
Message: Access denied with code 403 (phase 2). Pattern match "bunionb.{1,100}?bselectb" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]
Action: Intercepted (phase 2) Apache-Handler: php5-script
Which of the following attacks was being attempted?
A. Session hijacking
B. Cross-site script
C. SQL injection
D. Buffer overflow
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
I agree with provided answer of “C”.
WASC-19 means SQL Injection.
I am not sure this is too difficult for Security+.