Which of the following was launched against a company based on the following IDS log?
122.41.15.252 – – [21/May/2012:00:17:20 +1200] “GET
/index.php?
username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA
AAA HTTP/1.1″ 200 2731 “http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209″ “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)”

A.
SQL injection

B.
Buffer overflow attack

C.
XSS attack

D.
Online password crack

Explanation:
The username should be just a username; instead we can see it’s a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A
buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are
created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid
data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data
integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked
computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen
because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Incorrect Answers:

A: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for
execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when
user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly
executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. The code in the question is not SQL
code.
Therefore, this answer is incorrect.
C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into
Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers
fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it
has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into
web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the
browser on behalf of the user. The code in this question is not an example of an XSS attack. Therefore, this answer is incorrect.
D: The code in the question is not an online password crack. The long text in place of a username indicates an attempt to overflow a memory buffer. Therefore, this
answer is incorrect.

http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Cross-site_scripting