An administrator discovers the following log entry on a server.
Nov 12 2013 00:23:45 httpd[2342]: /app2/prod/process.php?input=change.cd%20./././ect:
cat%20shadow
Which of the following attacks is being attempted?
A.
Command injection
B.
Password attack
C.
Buffer overflow
D.
Cross-site scripting
Tricky question since the two commands: “change cd” to the /etc folder and “cat” the shadow file which stores passwords are injected in the input field of a http deamon (buffer overflow attack type) in order to display the password file.
Not sure what is the correct one. A or C but not B since password attack are brute force, dictionary, and key logger.
0
0