Module 5 quiz - exploiting app-based vulnerabilities
Which of the following are examples of code injection vulnerabilities?
All of these (SQL injections, HTML script injections, object injections)
You can find XSS vulnerabilities in which of the following?
All of these (search fields that echo a search string back to the user, HTTP headers, input fields that echo user data)
Which of the following is not an example of a vulnerable application that you use to practice your penetration testing skills?
Cyber range
Which of the following cryptographic algorithms should be avoided?
DES, RC4, MD5
PHPSESSID and JSESSIONID can be used to do what?
Fingerprint web application development framework
What type of vulnerabilities can be triggered by using the parameters in the following URL? https://Store.h4cker.org/?search=car&results=20&search=bikes
HTTP parameter pollution (HPP)
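To see why duplicated parameters matter, here is an added example (not part of the quiz) that parses the query string from the question above with three different policies that real web stacks use: keep the first occurrence, keep the last, or keep all of them. The URL is the one in the question; the parser policies are assumed for illustration.

```python
from urllib.parse import parse_qs, parse_qsl, urlsplit

# Constructed from the quiz question above
URL = "https://Store.h4cker.org/?search=car&results=20&search=bikes"


def first_value(query: str) -> dict:
    """Mimic a framework that keeps the FIRST occurrence of a repeated name."""
    result = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        result.setdefault(key, value)
    return result


def last_value(query: str) -> dict:
    """Mimic a framework that keeps the LAST occurrence (dict() overwrites)."""
    return dict(parse_qsl(query, keep_blank_values=True))


def all_values(query: str) -> dict:
    """Keep every occurrence as a list (urllib's parse_qs behaviour)."""
    return parse_qs(query, keep_blank_values=True)


def pollution_candidates(query: str) -> list:
    """Names that occur more than once: the ones an attacker can use for HPP."""
    return sorted(k for k, v in all_values(query).items() if len(v) > 1)


if __name__ == "__main__":
    q = urlsplit(URL).query
    print(first_value(q)["search"])   # car
    print(last_value(q)["search"])    # bikes
    print(all_values(q)["search"])    # ['car', 'bikes']
    print(pollution_candidates(q))    # ['search']
```

The attack works when a front-end component (WAF, proxy, input validator) and the back-end application pick different occurrences: the validator inspects "car" while the application acts on "bikes", or the other way round.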
Which of the following is true about DOM-based XSS?
In DOM-based XSS the payload is never sent to the server. Instead, the payload is only processed by the web client (browser)
What type of vulnerabilities can be triggered by using the parameters in the following URL? Http://web.h4cker.org/changepassd?user=chris
Insecure direct object reference
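Added example (not from the quiz) showing the core of an IDOR on that endpoint: the vulnerable handler trusts the user parameter in the URL, while the fixed handler compares it against the identity the session already established. The user store, session user and handler names are assumptions made up for the illustration.

```python
from urllib.parse import parse_qs, urlsplit


class Forbidden(Exception):
    """Raised when the caller tries to act on an object they do not own."""


def fresh_users() -> dict:
    # Constructed sample data: username -> current password
    return {"chris": "old-pass-1", "alice": "old-pass-2"}


def target_from_url(url: str, default: str) -> str:
    """Pull the user= query parameter from the URL, falling back to default."""
    return parse_qs(urlsplit(url).query).get("user", [default])[0]


def change_password_vulnerable(users: dict, url: str,
                               session_user: str, new_password: str) -> str:
    """IDOR: whoever is logged in can change ANY user's password by editing the URL."""
    target = target_from_url(url, session_user)
    users[target] = new_password
    return target


def change_password_safe(users: dict, url: str,
                         session_user: str, new_password: str) -> str:
    """The object reference must match the authenticated principal."""
    target = target_from_url(url, session_user)
    if target != session_user:
        raise Forbidden(f"{session_user} may not change password of {target}")
    users[target] = new_password
    return target


if __name__ == "__main__":
    url = "Http://web.h4cker.org/changepassd?user=chris"
    users = fresh_users()
    # alice is logged in but points the URL at chris
    print(change_password_vulnerable(users, url, "alice", "pwned"))  # chris
    try:
        change_password_safe(fresh_users(), url, "alice", "pwned")
    except Forbidden as exc:
        print("blocked:", exc)
```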
Which of the following is a hashing algorithm that should be avoided?
MD5
Which of the following is not an example of an HTTP method?
REST
Which of the following is true about reflected XSS?
Reflected XSS attacks are not persistent
Consider the following string: Ben ' or '1' = '1 This string is an example of what type of attack?
SQL injection
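Added example (not part of the quiz) that runs the string from the question against an in-memory SQLite table, once through a deliberately vulnerable lookup that concatenates the input into the SQL text and once through a parameterised query. The table contents are constructed sample data.

```python
import sqlite3

# The exact string from the quiz question
PAYLOAD = "Ben ' or '1' = '1"


def build_db() -> sqlite3.Connection:
    """Constructed sample data: two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("ben", "s3cret"), ("chris", "hunter2")])
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable: string concatenation turns data into SQL."""
    sql = "SELECT username FROM users WHERE username = '%s'" % name
    # With PAYLOAD this becomes:
    #   ... WHERE username = 'Ben ' or '1' = '1'
    # and the always-true OR clause matches every row.
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the driver binds the value, quotes are just data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = build_db()
    print(find_user_vulnerable(db, PAYLOAD))  # ['ben', 'chris']
    print(find_user_safe(db, PAYLOAD))        # []
```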
Which of the following is not true?
The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.
Software developers should escape all characters with the HTML entity &#xHH; format to prevent what type of attack?
XSS attacks