Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Pentesting > 13C: Plan Injection Attacks > Flashcards

13C: Plan Injection Attacks Flashcards

2.2 Given a scenario, perform active reconnaissance. 3.3 Given a scenario, research attack vectors and perform application-based attacks. 3.5 Explain common attacks and vulnerabilities against specialized systems

1
Q

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

A

SQLi attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The process of injecting SQL queries when the web application’s response does not contain the result of the query.

A

blind sqli

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The process of injecting SQL queries with values that are always true (‘1=1’) and false (‘1=2’).

A

boolean based sqli

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The process of injecting SQL queries with time delays

A

time based sqli

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

CompTIA definition: An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory. (really with this type of exploit, you are trying to access upstream directories from where your current access lies by using commands such as ..)

A

directory traversal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A character with a value of zero that is used in most programming languages to indicate the termination of a string.

A

null byte

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Exploit technique that runs malicious code with the ID of a legitimate process.

A

code injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

This is a type of web application vulnerability where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application.

A

command injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Faults in the information transmitted, stored, or otherwise managed by IoT devices.

A

IoT data corruption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

A

lightweight directory access protocol (LDAP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

A

cross site scripting (XSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

When an attacker injects malicious code or links into a website’s forums, databases, or other data.

A

persistent attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A malicious request to a legitimate server is created and sent as a link to the victim, so that a server-side flaw causes the malicious component to run on the target’s browser.

A

reflected attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When attackers send malicious scripts to a web app’s client-side implementation of JavaScript to execute their attack solely on the client.

A

Document Object Model (DOM)-based attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Pentesting (56 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions