Certified AppSec Practitioner Exam
Last Update Oct 7, 2025
Total Questions : 60
We are offering free CAP (The SecOps Group) exam questions. All you need to do is sign up: give your details, practise with the free CAP exam questions, and then move on to the complete pool of Certified AppSec Practitioner exam questions, which will help you further.
In the screenshot below, an attacker is attempting to exploit which vulnerability?
POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 12345
Connection: keep-alive
Content-Disposition: form-data; name="avatar"; filename="malicious.php"
Content-Type: image/jpeg
<?php
phpinfo();
?>
In the context of a Dependency Confusion Attack, which of the following files is analyzed for determining potential private packages?
After purchasing an item on an e-commerce website, a user can view his order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id.
Which of the following is correct?
In the context of the CORS (Cross-origin resource sharing) misconfiguration, which of the following statements is true?
A website administrator forgot to renew the TLS certificate on time and, as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
Which of the following is correct?
Based on the screenshot below, which of the following statements is true?
Request
GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: JSESSIONID=7576572ce164646de967c759643d53031
Te: trailers
Connection: keep-alive
Response
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 11:42:27 GMT
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25
X-Powered-By: PHP/8.0.25
Content-Length: 12746
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly
...
After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id. There are two fixes:
(Bob’s Fix): In order to fix this vulnerability, a developer called Bob devised a fix so that the URL does not disclose the numeric value of the order_id but uses a SHA1 hash of the order_id in the URL, such as:
https://example.com/?order_id=1ff0fe6f1599536d1326418124a261bc98b8ea1
Note that the SHA1 value of 53870 is 1ff0fe6f1599536d1326418124a261bc98b8ea1
(John’s Fix): Another developer called John devised a different fix so that the URL does not disclose the numeric value of the order_id and uses a Base64 encoded value of the order_id in the URL, such as:
https://example.com/?order_id=NTM4NzA=
Note that the Base64 encoded value of 53870 is NTM4NzA=
Which of the following is correct?
Scan the code below and identify the vulnerability which is the most applicable for this scenario.
In the context of the infamous log4j vulnerability (CVE-2021-44228), which vulnerability is exploited in the backend to achieve Remote Code Execution?
After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id. This attack is known as:
You found the xmlrpc.php endpoint while performing a security assessment on a web application. The target application is most likely using which of the following Content Management Systems (CMS)?
In the screenshot below, which of the following is incorrect?
Target: https://example.com
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 18:03:49 GMT
Server: Apache
Vary: Cookie
X-Powered-By: PHP/5.4.5-5
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Cookie: JSESSIONID=1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789; secure; HttpOnly; SameSite=None
While performing a security audit of a web application, you discovered an exposed docker-compose.yml file. What is the significance of this file and what data can be found in it?
A robots.txt file tells the search engine crawlers about the URLs which the crawler can access on your site. Which of the following is true about robots.txt?
Based on the screenshot below, which of the following statements is the most accurate?
Screenshot (login form):
Username field: coder@viewer
Error message: User does not exist
Password field
Link: Forget password?
Login button
Link: Not yet member? Sign now
Your application is hosting JavaScript from a third-party website as shown in the snippet below.
Which of the following is true regarding the code snippet?
Which is the most effective way of input validation to prevent Cross-Site Scripting attacks?