Tag: technology

Questions Related to technology

With what command you can see your user name?
technology operating systems

  1. I

  2. me

  3. whoami

  4. pwd

Show answer
Correct Option: C

Give the name of the vulnerability resides in the below code: ... Runtime rt = Runtime.getRuntime(); Process proc = rt.exec("cmd.exe /c type "+request.getParameter("path")); //path is an Input Parameter and contains the file name. InputStream stdin = proc.getInputStream(); InputStreamReader isr = new InputStreamReader(stdin); BufferedReader br = new BufferedReader(isr); ...
technology security

  1. Race Condition

  2. Command Injection

  3. Denial of Service

  4. Cross Site Request Forgery

  5. HTML Injection

Show answer
Correct Option: B

Give the reason(s) of Information leakage in the below code: 1 ... 2 3 4 Please enter your Login ID and Password to get into the Web Site. 5 6 Enter Login ID : 7 Enter Password : 8 9 10 11 12 ...

technology security

  1. auto-complete ON

  2. Improper usage of HTTP Method

  3. Developer Comments

  4. Option 2 AND Option 3

  5. Option 1 AND Option 3

  6. All

Show answer
Correct Option: F

Which attack(s) are possible in the below code: protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException { String name = req.getParameter("name"); ... out.println("hello " + name.trim()); }

technology security

  1. Reflected Cross Site Scripting

  2. Improper Error Handling

  3. Directory Listing

  4. Phishing

  5. Option 1 AND Option 2 AND Option 4

  6. Option 1 AND Option 2

Show answer
Correct Option: E

AI Explanation

To determine which attack(s) are possible in the given code, let's go through each option:

Option A: Reflected Cross Site Scripting (XSS) - This attack involves injecting malicious scripts into a website, which are then executed by the victim's browser. In the given code, the "name" parameter is directly concatenated with the string "hello" and written to the output. This can potentially allow an attacker to inject malicious scripts into the "name" parameter and execute them in the victim's browser. Therefore, this code is vulnerable to Reflected Cross Site Scripting.

Option B: Improper Error Handling - This attack involves mishandling errors or exceptions in a way that exposes sensitive information or provides valuable clues to an attacker. The given code does not directly handle errors or exceptions, so this code is not vulnerable to Improper Error Handling.

Option C: Directory Listing - This attack involves exposing the contents of directories on a web server, which can lead to the disclosure of sensitive information. The given code does not involve directory listing, so this code is not vulnerable to Directory Listing.

Option D: Phishing - This attack involves tricking users into providing sensitive information by impersonating a trusted entity. The given code does not involve any phishing techniques, so this code is not vulnerable to Phishing.

Based on the above analysis, the correct answer is E. Option 1 (Reflected Cross Site Scripting) AND Option 2 (Improper Error Handling) AND Option 4 (Phishing) are possible attacks in the given code.

Which attack(s) are possible in the below code:

technology security

  1. Content Spoofing

  2. HTTP Response Splitting

  3. Directory Listing

  4. Option 1 AND Option 2

  5. Option 2 AND Option 3

Show answer
Correct Option: D

Identify the name of the vulnerability exist in the below code: 1 ... 2 public class ShowUserDetailsAction extends HttpServlet 3 { 4 private String currentUser; 5 public void doPost(HttpServletRequest req, HttpServletResponse res) 6 { 7 try 8 { 9 currentUser = req.getParameter("userID"); 10 RequestDispatcher rd = getServletContext().getRequestDispatcher ("/ShowDetails.jsp"); 11 if (!"".equals(currentUser)) 12 { 13 14 ArrayList userInfo = new ArrayList(); 15 LoginDAO objLoginDAO = new LoginDAO(); 16 userInfo = objLoginDAO.getUserInfo(currentUser); 17 18 if (userInfo!=null && (userInfo.size()!= 0)) 19 { 20 req.setAttribute("UserInfo", userInfo); 21 } 22 else 23 { 24 req.setAttribute("NoUser", "true"); 25 } 26 } 27 rd.forward(req,res); 28 } catch (Exception e) 29 { 30 log.debug(“Error Occurred:”+ e); 31 } 32 } 33 } 34 ...

technology security

  1. URL Tampering

  2. Brute Forcing

  3. Race Condition

  4. HTML Injection

  5. XSS

Show answer
Correct Option: A

Identify the weakness in the below JSP file: 1 ... 2 3 4 8 9 11 12 13 14 function doBack() 15 { 16 history.go(-1); 17 } 18 function doDelete() 19 { 20 document.forms[0].action="/DeleteUsersAction"; 21 document.forms[0].submit(); 22 } 23 24 ...

technology security

  1. SQL Injection

  2. Cross Site Scripting

  3. Broken Access Control

  4. Improper Resource Initialization

Show answer
Correct Option: C

Identify the weakness in the below JSP file: 1 2 ... 3 Dear User, 4 5 If you liked our services, then you would like to refer it to your friends. 6 7 Click on the below link: 8 9 ";> "Refer a Friend"! 10 ... 11

technology security

  1. Information Disclosure

  2. Cross Site Scripting

  3. Usage of Risky Encryption

  4. All of the above

Show answer
Correct Option: C

Identify the Vulnerable Line # in the below code: 1 ... 2 public static Connection getConnection() 3 { 4 Connection con = null; 5 try 6 { 7 Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 8 con = DriverManager.getConnection("jdbc:odbc:Lookup","admin","admin"); 9 10 }catch (ClassNotFoundException e) 11 { 12 if(con!=null) 13 close(con); 14 log.debug(“Error Occurred:” + e); 15 16 } catch(SQLException ex) 17 { 18 19 if(con!=null) 20 close(con); 21 log.debug(“Error Occurred:” + ex); 22 } 23 return con; 24 } 25 ...

technology security

  1. Line # 4

  2. Line # 13 & 20

  3. Line # 7 & 8

  4. None of the above

Show answer
Correct Option: C

AI Explanation

To identify the vulnerable line in the given code, we need to understand what vulnerability we are looking for.

In this case, the code is establishing a database connection using JDBC. The vulnerability we are looking for is an SQL injection vulnerability, where an attacker can manipulate the SQL query being executed.

Looking at the code, we can see that the SQL query is being constructed in line #8 using a hardcoded username and password. This can be a potential vulnerability if the username and password are not properly validated or sanitized.

Therefore, the vulnerable lines in the code are Line #7 and Line #8.

The correct answer is C) Line #7 and Line #8.

Following list shows entries in the web.xml deployment descriptor for Exception & Error Handling. Please identify which one is correct a. java.lang.Throwable /error.jsp b. 500 /error.jsp c. /error.jsp

technology security

  1. a

  2. b

  3. c

  4. a AND b

  5. a AND b AND c

Show answer
Correct Option: D