Information Security Officer Question:

Suppose you find PHP queries overtly in the URL, such as /index.php?page=userID. What would you then be looking to test?


Answer:

This is an ideal situation for injection and querying. If we know that the server is using a SQL database with a PHP controller, it becomes quite easy. We would be looking to test how the server reacts to different types of requests and what it returns, looking for anomalies and errors.

One example could be code injection. If the server is not authenticating and evaluating each user, one could simply try /index.php?arg=1;system('id') and see if the host returns unintended data.
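What a handler that passes this test looks like, as an added example that is not part of the original answer. It assumes the parameter is a numeric user ID; `lookupUser`, the `users` table and the in-memory SQLite database are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Weak pattern (kept as comments, never executed): request data reaches
// eval() or is concatenated into SQL, so the value is treated as code.
//   eval('$id = ' . $_GET['arg'] . ';');
//   $db->query('SELECT name FROM users WHERE id = ' . $_GET['arg']);

/** Hardened lookup: returns [HTTP status, body]. Hypothetical helper. */
function lookupUser(PDO $db, $raw): array
{
    // Accept only a short run of ASCII digits; arrays, ';', quotes and
    // spaces are rejected before the value gets anywhere near the database.
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return [400, 'invalid id'];
    }
    // Bound parameter: the value is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    // Generic bodies only: no SQL errors or stack traces leak to the client.
    return $name === false ? [404, 'not found'] : [200, (string) $name];
}

// Constructed inputs, including the value quoted in the answer above.
foreach (['1', '2', '99', "1;system('id')", '1 OR 1=1', ['1']] as $arg) {
    [$status, $body] = lookupUser($db, $arg);
    printf("%-18s -> %d %s\n", json_encode($arg), $status, $body);
}
```

Run from the command line, the malformed values all return the same `400 invalid id`, which is the uniform behaviour a tester looking for anomalies and errors should find.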
