Live Virtual Machine Lab 3.3: Module 03 Identifying Different Application Exploits

An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?

Directory Listing

Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?

Buffer Overflow

Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?

Cross Site Scripting

Which of the following attack type confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?

Error Based SQL Injection

Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?

Horizontal Privilege Escalation

Which of the following is also known as a "dot dot slash" attack?

Path Traversal

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes which of the following?

Session Hijacking