Deck 10: Hacking Web Servers
1
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
True
2
All CFML tags begin with "____".
A)?
B)CF
C)CFML
D)%
B
3
Connecting to a Microsoft Active Directory Service database with OLE DB requires using ____ as the provider.
A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
A
4
____ is the interface that describes how a Web server passes data to a Web browser.
A)Perl
B)ASP
C)CGI
D)PHP
5
____ is a standard database access method developed by the SQL Access Group.
A)OLE DB
B)ODBC
C)ADO
D)JDBC
6
____ was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows.
A)HTML
B)JScript
C)VBScript
D)PHP
7
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
8
ColdFusion uses its own proprietary tags written in ____.
A)XML
B)DHTML
C)PHP
D)CFML
9
The column tag in CFML is ____.
A)
B)
C)<%COL>
D)
10
The ____ Search page is an excellent starting point when investigating VBScript vulnerabilities.
A)CVE Web site
B)CERT
C)Microsoft Security Bulletin
D)Macromedia security
11
A user can view the source code of a PHP file by using the browser's "View Source" option.
12
____, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system.
A)OLE DB
B)ODBC
C)ADO
D)JDBC
13
Visual Basic Script (VBScript) is a scripting language developed by ____.
A)Sun Microsystems
B)Symantec
C)Macromedia
D)Microsoft
14
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
15
Web servers use the ____ element in an HTML document to allow customers to submit information to the Web server.
A)
B)
C)
D)
16
The JavaScript getElementById() function is a method defined by the ____ Document Object Model (DOM).
A)W3C
B)IETF
C)Internet Society
D)IEEE
17
To check whether a CGI program works, you should save the program to the ____ directory of your Web server, and then enter the URL in your Web browser.
A)bin
B)cgi-bin
C)cgi
D)scripts
18
Connecting to an MS SQL Server database with OLE DB requires using ____ as the provider.
A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
19
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
20
Connecting to a MySQL database with OLE DB requires using ____ as the provider.
A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
21
In Windows, IIS stands for ______________________________.
22
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
helps beginning Web application security testers gain a better understanding of the areas covered in the OWASP top ten Web applications vulnerability list
23
SQL ____ involves the attacker supplying SQL commands when prompted to fill in a Web application field.
A)redirection
B)spoofing
C)injection
D)insertion
24
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
language developed by Microsoft
25
In a(n) ____ flaw, a Web browser might carry out code sent from a Web site.
A)broken access control
B)command injection
C)cross-site scripting
D)unvalidated parameters
26
Connecting to a VSAM database with OLE DB requires using ____ as the provider.
A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
27
CFML stands for ______________________________.
28
____ represent(s) a comment in SQL.
A)Double slashes (//)
B)An exclamation point (!)
C)An asterisk (*)
D)Double hyphens (--)
29
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
a Web server
30
____ is one of the best tools for scanning the Web for systems with CGI vulnerabilities.
A)Cgiscan.c
B)WebGoat
C)Wfetch
D)Phfscan.c
31
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
tool for searching Web sites for CGI scripts that can be exploited
32
One of the best Web sites to find tools for hacking Web applications is ____.
A)http://www.cert.org
B)http://www.owasp.org
C)http://www.cve.mitre.org
D)http://packetstormsecurity.org
33
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
GUI tool that can be downloaded free from Microsoft and is included in the IIS Resource Kit
34
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
foundation of most Web applications
35
____________________ Web pages display the same information regardless of the time of day or the user who activates the page.
36
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
main role is passing data between a Web server and Web browser
37
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
stands for cross-site scripting flaw
38
____________________ Web pages can vary the information that's displayed depending on variables such as the current time and date, user name, and purchasing history (information collected via cookies or Web bugs).
39
MATCHING
Match each term with the correct statement below.
a.WebGoat
b.HTML
c.CGI
d.Cgi Scanner v1.4
e.Apache
f.Wfetch
g.JScript
h.virtual directory
i.XSS
keeps attackers from knowing the directory structure on an IIS Web server
40
To keep attackers from knowing the directory structure you create on an IIS Web server, creating a(n) ____________________ is recommended so that the path a user sees on the Web browser is not the actual path on the Web server.
41
What is JavaScript?
42
What is OWASP?
43
What is ODBC used for?
44
What is ActiveX Data Objects (ADO)?
45
As a security professional, what should you do after identifying that a Web server you are testing is using PHP?
46
What is ColdFusion?
47
Why should security professionals have at least a little knowledge about the Apache Web Server?
48
Dynamic Web pages need special components for displaying information that changes depending on user input or information obtained from a back-end server. What kind of components can Web pages use to achieve this?
49
What is VBScript?
50
What features does the current version of Wfetch offer?
51
What can an attacker do after gaining control of a Web server?
52
What is the main difference between HTML pages and Active Server Pages (ASP)?