Sara, a hacker, is completing a website form to request a free coupon. The site has a field that
limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on
her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

A. SQL injection
B. XML injection
C. Packet sniffer
D. Proxy
Explanation:
This sounds more like an XML injection?
Yeah, how is a proxy server being used here?
Could anyone explain what would be a proxy type attack?
The correct answer is B – XML injection. See other versions of this exam question.
I believe the application intercepting the commands is considered a proxy.
How is it an XML injection? Based on what I’ve researched, a proxy sounds like the best answer.
By design, the HTTP POST request method requests that a web server accepts the data enclosed in the body of the request message, most likely for storing it.
It is often used when uploading a file or when submitting a completed web form.
In contrast, the HTTP GET request method retrieves information from the server.
HTTP POST and HTTP GET request methods are typically written in XML.
Since the HTTP POST command was changed from 3 to 30 by Sara running an application on her machine, we are clearly talking about the modification of the XML code = XML INJECTION in here.
This means that the SQL language was not used (as SQL is not used to create HTTP POST or HTTP GET request methods).
• When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack.
• Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack.
The other two answers are plainly wrong.
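
Whatever limit the form field applies in the browser, the value that arrives in the POST body is under the sender's control, so the server has to recheck it. The following is an added example, not part of the original question or its comments, of that server-side check; the field name `coupons`, the form-encoded body format and the sample bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

MAX_COUPONS = 3     # the limit stated in the question ("3 or fewer")
FIELD = "coupons"   # hypothetical field name; the page does not give one


def validate_coupon_request(body: str):
    """Return (True, quantity) for an acceptable POST body, else (False, reason)."""
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get(FIELD, [])
    # Exactly one value: a repeated field could make the validator and the
    # business logic disagree about which value counts.
    if len(values) != 1:
        return False, "field missing or repeated"
    raw = values[0]
    # Accept only short, plain ASCII digits (no sign, decimals or Unicode digits).
    if len(raw) > 4 or not (raw.isascii() and raw.isdigit()):
        return False, "not a plain non-negative integer"
    qty = int(raw)
    # Enforce the business rule on the server, regardless of what the form allowed.
    if not 1 <= qty <= MAX_COUPONS:
        return False, "quantity out of range"
    return True, qty


# Constructed sample request bodies (application/x-www-form-urlencoded).
SAMPLES = {
    "as submitted by the form": "email=sara%40example.com&coupons=3",
    "altered after leaving the form": "email=sara%40example.com&coupons=30",
    "field sent twice": "coupons=3&coupons=30",
    "negative value": "coupons=-1",
    "field removed": "email=sara%40example.com",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:32} -> {validate_coupon_request(body)}")
```
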