https://www.comptia.com/cookies.jsp?

RC0-C02 0 Comments

A security tester is testing a website and performs the following manual query:

https://www.comptia.com/cookies.jsp?products=5%20and%201=1

The following response is received in the payload:

"ORA-000001: SQL command not properly ended"

Which of the following is the response an example of?
A . Fingerprinting
B . Cross-site scripting
C . SQL injection
D . Privilege escalation

Answer: A

Explanation:

This is an example of Fingerprinting. The response to the code entered includes "ORA-000001" which tells the attacker that the database software being used is Oracle.

Fingerprinting can be used as a means of ascertaining the operating system of a remote computer on a network. Fingerprinting is more generally used to detect specific versions of applications or protocols that are run on network servers. Fingerprinting can be accomplished "passively" by sniffing network packets passing between hosts, or it can be accomplished "actively" by transmitting specially created packets to the target machine and analyzing the response.

Incorrect Answers:

B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. The code in the question is not an example of XSS.

C: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). The code entered in the question is similar to a SQL injection attack but as the SQL command was not completed, the purpose of the code was just to return the database software being used.

D: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The code in the question is not an example of privilege escalation.

References:

http://www.yourdictionary.com/fingerprinting

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments