Which of the following was used to perform this attack?

seenagapeMay 1, 2016

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that
limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on
her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

PrepAway - Latest Free Exam Questions & Answers

A.
SQL injection

B.
XML injection

C.
Packet sniffer

D.
Proxy

Explanation:
When a web user takes advantage of a weakness with SQL by entering values that they should
not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML
(known as XPath) with values that take advantage of exploits, it is known as an XML injection
attack. XPath works in a similar manner to SQL, except that it does not have the same levels of
access control, and taking advantage of weaknesses within can return entire documents. The best
way to prevent XML injection attacks is to filter the user’s input and sanitize it to make certain that
it does not cause XPath to return more data than it should.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

CompTIA Exam Questions

Free CompTIA Study Guide

Which of the following was used to perform this attack?

Leave a Reply Cancel reply