Tag: security

Questions Related to security

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here. int outfile = fopen(“/tmp/cache_data”, O_WRONLY | O_CREAT | O_TRUNC, 0600);
technology security

  1. Since the file name is hard coded, fopen() will fail if the file already exists

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit by creating a symboling link /tmp/cache_data that points to a system file

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data

Show answer
Correct Option: C

Is writing to an already freed memory a vulnerability? x = malloc(200); /* do something with x / free (x); / do something else */ strcpy(x, “somedata”);
technology security

  1. Overwriting freed memory is a security vulnerability

  2. Depends on the application and how important “somedata” is

  3. This will result in a buffer overflow since the freed memory location cannot handle 8 characters of data “somedata”

  4. strcpy() will fail as it cannot write to already freed memory, and the application will crash

Show answer
Correct Option: A

What attacks can get realized due to below code? ... Connection con = null; Statement stmt = null; try{ String personName = req.getParameter("PName"); String personAddress = req.getParameter("PAddress"); String personEmail = req.getParameter("PEmail"); String personPhone = req.getParameter("PPhone"); con= UtilDAO.make_con(); stmt = con.createStatement(); String sql = "INSERT INTO PersonDetails values ('"+personName+"', '"+personAddress+"', '"+personEmail+"', '"+personPhone+"')"; stmt.executeUpdate(sql); con.commit(); stmt.close(); UtilDAO.close(con); } catch(Exception e) { log.debug(“Exception is:”+e); } ...
technology security

  1. Cross Site Scripting

  2. SQL Injection

  3. Improper Resource Release

  4. Option 1 AND Option 2

  5. Option 1 AND Option 2 AND Option 3

  6. Option 2 AND Option 3

Show answer
Correct Option: E

Identify the line on which the vulnerability exists: 1 public class performSearchAction extends HttpServlet{ 2 // Servlet for Search Action 3 public void doPost(HttpServletRequest req, HttpServletResponse res) 4 { 5 try 6 { 7 ArrayList arrSearch = Util.performSearchAction(req, res); 8 req.setAttribute(“SearchResults”,arrSearch); 9 RequestDispatcher rd = getServletContext().getRequestDispatcher("/SearchResult.jsp"); 10 rd.forward(req,res); 11 } catch (Exception e) { 12 log.debug(“Exception occurred:”+e); 13 } 14 } //End of doPost method 15 public void doGet(HttpServletRequest req, HttpServletResponse res) 16 { 17 doPost(req,res); 18 } //End of doGet method 19 } //End of Class

technology security

  1. Line # 12

  2. Line # 9

  3. Line # 17

  4. Line # 8

  5. Line # 14, 18 & 19

Show answer
Correct Option: C

AI Explanation

To identify the line on which the vulnerability exists, we need to analyze each line of code and determine if there are any potential vulnerabilities.

Let's go through each option:

Option A) Line #12 - This line of code is a debug statement and does not contain any potential vulnerabilities.

Option B) Line #9 - This line of code is responsible for forwarding the request and response objects to the "/SearchResult.jsp" page. It does not appear to have any vulnerabilities.

Option C) Line #17 - This line of code calls the doPost method, which in turn calls the performSearchAction method. There does not appear to be any vulnerabilities in this line of code.

Option D) Line #8 - This line of code sets the "SearchResults" attribute in the request object. It does not appear to have any vulnerabilities.

Option E) Line #14, 18 & 19 - These lines of code mark the end of the doPost and doGet methods, and the end of the class. They do not contain any vulnerabilities.

Based on the analysis, none of the given options contain a vulnerability. Hence, the correct answer is none of the above.

Give the name of the vulnerability resides in the below code: 1 5 6 Your Search for '' has not returned any records 7 8

technology security

  1. Information Leakage

  2. Cross Site Scripting

  3. Cross Site Tracing

  4. Option 1 AND Option 2

  5. Option 1 AND Option 3

  6. Command Injection

Show answer
Correct Option: D

What is wrong in the below code? public void doPost(HttpServletRequest req, HttpServletResponse res) { try { String language = req.getParameter("language"); res.sendRedirect("/doc/"+language+”/index.html”); } catch (Exception e) { } }
technology security

  1. Request Redirection is vulnerable and not a good practice

  2. Exception is not logged

  3. Input parameter “language” is not validated

  4. Option 1 AND Option 2

  5. Option 1 AND Option 3

  6. Option 2 AND Option 3

Show answer
Correct Option: E

In the following code, which is the location of vulnerability? 1 String username = req.getParameter("loginID"); 2 String password = req.getParameter("loginPassword"); 3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?"; 4 pstmt = con.prepareStatement(sql); 5 pstmt.setString(1,username); 6 pstmt.setString(2,password); 7 pstmt.execute(); 8 user = pstmt.getResultSet(); 9 if(user!=null) 10 { 11 while (user.next()) 12 { 13 userInfo.add(user.getString(1)); 14 } 15 } 16 else 17 { 18 log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password); 19 }
technology security

  1. Line 5

  2. Line 4

  3. Line 11

  4. Line 18

Show answer
Correct Option: D

In the following code, which is the location of vulnerability? 1 bIsAdmin = true; 2 try 3 { 4 function (); 5 bIsAdmin = isAdminUser(userName); 6 } 7 catch (Exception ex) 8 { 9 log.write(ex.toString()); 10 }
technology security

  1. Line 1

  2. Line 5

  3. Line 7

  4. Line 9

Show answer
Correct Option: A

Is SQL injection possible in the below code? String username = request.getParameter(“username”); String password = request.getParameter(“password”); conn = pool.getConnection( ); PreparedStatement pstmt = conn.prepareStatement(“select * from user where username=”+username+” and password=”+password); pstmt.execute(); rs = pstmt.getResultSet();
technology security

  1. True

  2. False

Show answer
Correct Option: A

Give the name of the vulnerability resides in the below code: ... Runtime rt = Runtime.getRuntime(); Process proc = rt.exec("cmd.exe /c type "+request.getParameter("path")); //path is an Input Parameter and contains the file name. InputStream stdin = proc.getInputStream(); InputStreamReader isr = new InputStreamReader(stdin); BufferedReader br = new BufferedReader(isr); ...
technology security

  1. Race Condition

  2. Command Injection

  3. Denial of Service

  4. Cross Site Request Forgery

  5. HTML Injection

Show answer
Correct Option: B