Tag: security

Questions Related to security

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here. int outfile = fopen(“/tmp/cache_data”, O_WRONLY | O_CREAT | O_TRUNC, 0600);

technology security

  1. Since the file name is hard coded, fopen() will fail if the file already exists

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit by creating a symboling link /tmp/cache_data that points to a system file

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data

Show answer
Correct Option: C

Is writing to an already freed memory a vulnerability? x = malloc(200); /* do something with x / free (x); / do something else */ strcpy(x, “somedata”);
technology security

  1. Overwriting freed memory is a security vulnerability

  2. Depends on the application and how important “somedata” is

  3. This will result in a buffer overflow since the freed memory location cannot handle 8 characters of data “somedata”

  4. strcpy() will fail as it cannot write to already freed memory, and the application will crash

Show answer
Correct Option: A

What attacks can get realized due to below code? ... Connection con = null; Statement stmt = null; try{ String personName = req.getParameter("PName"); String personAddress = req.getParameter("PAddress"); String personEmail = req.getParameter("PEmail"); String personPhone = req.getParameter("PPhone"); con= UtilDAO.make_con(); stmt = con.createStatement(); String sql = "INSERT INTO PersonDetails values ('"+personName+"', '"+personAddress+"', '"+personEmail+"', '"+personPhone+"')"; stmt.executeUpdate(sql); con.commit(); stmt.close(); UtilDAO.close(con); } catch(Exception e) { log.debug(“Exception is:”+e); } ...

technology security

  1. Cross Site Scripting

  2. SQL Injection

  3. Improper Resource Release

  4. Option 1 AND Option 2

  5. Option 1 AND Option 2 AND Option 3

  6. Option 2 AND Option 3

Show answer
Correct Option: E

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Cross Site Scripting (XSS) - This option is incorrect. Cross-Site Scripting refers to injecting malicious scripts into a web application, which can then be executed by users visiting the website. The given code does not involve any user input rendering on the web page, so XSS attack is not possible.

Option B) SQL Injection - This option is correct. SQL Injection refers to manipulating or injecting malicious SQL queries into a database query. In the given code, the SQL query is constructed using string concatenation with user-provided values (personName, personAddress, personEmail, personPhone). This makes the code vulnerable to SQL Injection attacks if the user-provided values are not properly sanitized or validated.

Option C) Improper Resource Release - This option is correct. Improper Resource Release refers to not properly releasing or closing resources after they are used. In the given code, the Connection object (con) and Statement object (stmt) are not being closed in a finally block, which can lead to resource leaks.

Option D) Option 1 AND Option 2 - This option is incorrect. Option 1 refers to Cross-Site Scripting (XSS), which is not applicable in this scenario. Option 2 refers to SQL Injection, which is correct. Therefore, this option is incorrect.

Option E) Option 1 AND Option 2 AND Option 3 - This option is correct. Option 1 (Cross-Site Scripting) is not applicable, but Option 2 (SQL Injection) and Option 3 (Improper Resource Release) are both correct. Therefore, this option is correct.

Option F) Option 2 AND Option 3 - This option is incorrect. Option 2 (SQL Injection) is correct, but Option 3 (Improper Resource Release) is also correct. Therefore, this option is incorrect.

The correct answer is Option E. This option is correct because the code is vulnerable to SQL Injection attacks and also has improper resource release, which can lead to resource leaks.

Identify the line on which the vulnerability exists: 1 public class performSearchAction extends HttpServlet{ 2 // Servlet for Search Action 3 public void doPost(HttpServletRequest req, HttpServletResponse res) 4 { 5 try 6 { 7 ArrayList arrSearch = Util.performSearchAction(req, res); 8 req.setAttribute(“SearchResults”,arrSearch); 9 RequestDispatcher rd = getServletContext().getRequestDispatcher("/SearchResult.jsp"); 10 rd.forward(req,res); 11 } catch (Exception e) { 12 log.debug(“Exception occurred:”+e); 13 } 14 } //End of doPost method 15 public void doGet(HttpServletRequest req, HttpServletResponse res) 16 { 17 doPost(req,res); 18 } //End of doGet method 19 } //End of Class

technology security

  1. Line # 12

  2. Line # 9

  3. Line # 17

  4. Line # 8

  5. Line # 14, 18 & 19

Show answer
Correct Option: C

AI Explanation

To identify the line on which the vulnerability exists, we need to analyze each line of code and determine if there are any potential vulnerabilities.

Let's go through each option:

Option A) Line #12 - This line of code is a debug statement and does not contain any potential vulnerabilities.

Option B) Line #9 - This line of code is responsible for forwarding the request and response objects to the "/SearchResult.jsp" page. It does not appear to have any vulnerabilities.

Option C) Line #17 - This line of code calls the doPost method, which in turn calls the performSearchAction method. There does not appear to be any vulnerabilities in this line of code.

Option D) Line #8 - This line of code sets the "SearchResults" attribute in the request object. It does not appear to have any vulnerabilities.

Option E) Line #14, 18 & 19 - These lines of code mark the end of the doPost and doGet methods, and the end of the class. They do not contain any vulnerabilities.

Based on the analysis, none of the given options contain a vulnerability. Hence, the correct answer is none of the above.

Give the name of the vulnerability resides in the below code: 1 5 6 Your Search for '' has not returned any records 7 8

technology security

  1. Information Leakage

  2. Cross Site Scripting

  3. Cross Site Tracing

  4. Option 1 AND Option 2

  5. Option 1 AND Option 3

  6. Command Injection

Show answer
Correct Option: D

What is wrong in the below code? public void doPost(HttpServletRequest req, HttpServletResponse res) { try { String language = req.getParameter("language"); res.sendRedirect("/doc/"+language+”/index.html”); } catch (Exception e) { } }
technology security

  1. Request Redirection is vulnerable and not a good practice

  2. Exception is not logged

  3. Input parameter “language” is not validated

  4. Option 1 AND Option 2

  5. Option 1 AND Option 3

  6. Option 2 AND Option 3

Show answer
Correct Option: E

In the following code, which is the location of vulnerability? 1 String username = req.getParameter("loginID"); 2 String password = req.getParameter("loginPassword"); 3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?"; 4 pstmt = con.prepareStatement(sql); 5 pstmt.setString(1,username); 6 pstmt.setString(2,password); 7 pstmt.execute(); 8 user = pstmt.getResultSet(); 9 if(user!=null) 10 { 11 while (user.next()) 12 { 13 userInfo.add(user.getString(1)); 14 } 15 } 16 else 17 { 18 log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password); 19 }
technology security

  1. Line 5

  2. Line 4

  3. Line 11

  4. Line 18

Show answer
Correct Option: D

In the following code, which is the location of vulnerability? 1 bIsAdmin = true; 2 try 3 { 4 function (); 5 bIsAdmin = isAdminUser(userName); 6 } 7 catch (Exception ex) 8 { 9 log.write(ex.toString()); 10 }

technology security

  1. Line 1

  2. Line 5

  3. Line 7

  4. Line 9

Show answer
Correct Option: A

AI Explanation

To answer this question, we need to identify the location of the vulnerability in the given code.

In this code snippet, the vulnerability is located at line 1: bIsAdmin = true;.

The variable bIsAdmin is being set to true without any validation or authentication checks. This means that any user can be assigned the bIsAdmin value of true, regardless of their actual user privileges. This can potentially lead to unauthorized access or privilege escalation if the bIsAdmin value is used to control access or perform critical operations.

Therefore, the correct answer is A) Line 1.

Is SQL injection possible in the below code? String username = request.getParameter(“username”); String password = request.getParameter(“password”); conn = pool.getConnection( ); PreparedStatement pstmt = conn.prepareStatement(“select * from user where username=”+username+” and password=”+password); pstmt.execute(); rs = pstmt.getResultSet();

technology security

  1. True

  2. False

Show answer
Correct Option: A

Give the name of the vulnerability resides in the below code: ... Runtime rt = Runtime.getRuntime(); Process proc = rt.exec("cmd.exe /c type "+request.getParameter("path")); //path is an Input Parameter and contains the file name. InputStream stdin = proc.getInputStream(); InputStreamReader isr = new InputStreamReader(stdin); BufferedReader br = new BufferedReader(isr); ...
technology security

  1. Race Condition

  2. Command Injection

  3. Denial of Service

  4. Cross Site Request Forgery

  5. HTML Injection

Show answer
Correct Option: B