Q2pt1

School: New York University
Course: MISC
Subject: Information Systems
Date: Apr 3, 2024
Type: pdf
Pages: 13
Uploaded by DrOryxPerson763

Question 4 (6.25 points)
What type of vulnerability is the following code likely vulnerable to?

    import json
    from os import system

    CARD_PARSER = "card_parser"  # assumed value; the quiz code defines this constant elsewhere

    def parse_card_data(card_file_data, card_path_name):
        try:
            test_json = json.loads(card_file_data)
            if type(card_file_data) != str:
                card_file_data = card_file_data.decode()
            return card_file_data
        except (json.JSONDecodeError, UnicodeDecodeError):
            pass
        # KG: Are you sure you want the user to control that input?
        # RA: We don't care about validating the card's file name?!
        try:
            with open(card_path_name, 'wb') as card_file:
                card_file.write(card_file_data)
        except:
            pass
        # card_path_name is interpolated, unquoted, into a string that a shell parses
        ret_val = system(f"./{CARD_PARSER} 2 {card_path_name} > tmp_file")
        if ret_val != 0:
            return card_file_data
        with open("tmp_file", 'r') as tmp_file:
            return tmp_file.read()

Selected answer: (e) Command Injection

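The function above hands a caller-controlled file name to os.system(), where the shell parses it. The following is an added example, not part of the quiz or its course material: the same flow with the file name allowlisted and the parser started without a shell. The value of CARD_PARSER, the allowlist pattern, the temporary working directory and capturing stdout instead of redirecting to a shared tmp_file are assumptions made here; the "2" argument is kept from the quiz code.

```python
# Added example, not part of the quiz: parse_card_data with the user-controlled
# file name kept away from the shell. CARD_PARSER's value, the allowlist pattern,
# the working directory and capturing stdout are assumptions made for this example.
import json
import re
import subprocess
import tempfile
from pathlib import Path

CARD_PARSER = "card_parser"  # assumed value; the quiz code defines it elsewhere

# A plain file name only: starts with a letter or digit (so it cannot be read as
# a "-option" by the parser or be "." / ".."), then letters, digits, dot, dash,
# underscore. No slashes, spaces or shell metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerable_command(card_path_name: str) -> str:
    """The exact string the quiz code hands to os.system(). A shell parses it,
    so a name such as 'x; id' is two commands, not one file name."""
    return f"./{CARD_PARSER} 2 {card_path_name} > tmp_file"


def validate_card_name(card_path_name: str) -> str:
    """The allowlist check the review comments in the quiz code ask for."""
    if not SAFE_NAME.fullmatch(card_path_name):
        raise ValueError(f"unsafe card file name: {card_path_name!r}")
    return card_path_name


def parser_argv(card_path_name: str) -> list:
    """Argument vector for subprocess.run(..., shell=False). Each list element is
    one argv entry, so nothing in the name is ever parsed by a shell."""
    return [f"./{CARD_PARSER}", "2", validate_card_name(card_path_name)]


def parse_card_data_safe(card_file_data, card_path_name, work_dir=None):
    """Same contract as the quiz function: JSON text is returned as-is; any other
    payload is written to a file and handed to the external parser."""
    try:
        json.loads(card_file_data)
        if isinstance(card_file_data, bytes):
            return card_file_data.decode()
        return card_file_data
    except (json.JSONDecodeError, UnicodeDecodeError):
        pass
    name = validate_card_name(card_path_name)          # reject before any I/O happens
    work = Path(work_dir) if work_dir else Path(tempfile.mkdtemp())
    card_path = work / name
    data = card_file_data if isinstance(card_file_data, bytes) else card_file_data.encode()
    card_path.write_bytes(data)
    result = subprocess.run(parser_argv(name), cwd=work,
                            capture_output=True, text=True, check=False)
    if result.returncode != 0:
        return card_file_data
    return result.stdout                                 # no shared "tmp_file" on disk


if __name__ == "__main__":
    # Constructed demonstration. The trailing '#' comments out the "> tmp_file"
    # redirect, so the injected echo writes to stdout even though ./card_parser
    # does not exist: the shell still runs the second command after ';'.
    payload = "x; echo INJECTED #"
    print("quiz code would run:", vulnerable_command(payload))
    out = subprocess.run(vulnerable_command(payload), shell=True,
                         capture_output=True, text=True)
    print("shell output:", out.stdout.strip())
    try:
        parser_argv(payload)
    except ValueError as err:
        print("hardened version:", err)
```

The two fixes are independent and both matter: the list-form subprocess call removes the shell, so metacharacters lose their meaning, and the allowlist stops the name from being a path into another directory or an option to the parser itself.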
Question 5 (6.25 points)
CSRF tokens need to be kept a secret from the browser client. (true or false)

Question 6 (6.25 points)
You enter <script>alert(1)</script> into a form, and an alert box pops up with the number 1. What type of vulnerability did you test for and find?

Question 7 (6.25 points)
What does escaping do to mitigate cross-site scripting (XSS) vulnerabilities?
(x) Sanitizes user input so it won't be rendered by the browser
( ) URL-encodes potentially malicious characters
( ) Validates user input for absence of illegal characters
( ) Drops user input so it cannot be reflected or stored

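What escaping actually does to the probe from Question 6, shown as an added example that is not part of the quiz: the input is kept but its characters are turned into entity references, so the browser displays them instead of parsing a tag. Beside it are the two distractors from Question 7, a filter that drops the offending string and URL encoding, each doing a different job. The page template, the bypass string and the link markup are constructed here.

```python
# Added example, not part of the quiz: HTML escaping versus a blocklist filter
# and URL encoding, using the probe string from Question 6. Markup is constructed.
import html
from urllib.parse import quote

PROBE = "<script>alert(1)</script>"                     # the probe from Question 6
BYPASS = "<scr<script>ipt>alert(1)</scr<script>ipt>"    # constructed filter-bypass input


def render_unsafe(user_input: str) -> str:
    """Reflected XSS: the input is concatenated into the page as markup."""
    return f"<p>You searched for: {user_input}</p>"


def render_escaped(user_input: str) -> str:
    """Escaping for an HTML text or quoted-attribute context: & < > " ' become
    entity references. The browser shows the characters; it never sees a tag.
    Nothing is removed, only the meaning to the HTML parser changes."""
    return f"<p>You searched for: {html.escape(user_input, quote=True)}</p>"


def strip_script_tags(user_input: str) -> str:
    """'Drop the bad input' (the last option in Question 7): a single pass that
    removes '<script>' reassembles a working tag out of BYPASS."""
    return user_input.replace("<script>", "")


def render_link(user_input: str) -> str:
    """URL encoding is for a URL component. It is the right encoder for a
    query-string value, but it is not what protects HTML body text."""
    return f'<a href="/search?q={quote(user_input, safe="")}">search again</a>'


def contains_script_tag(markup: str) -> bool:
    """Crude check used here to show what reaches the HTML parser."""
    return "<script" in markup.lower()
```

The encoder has to match the context the data lands in: html.escape for element text and quoted attributes, quote for a URL component, and a JavaScript string encoder for data inside a script block. Removing "bad" substrings is not a substitute, as the BYPASS string shows.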
Question 8 (6.25 points)
The cross-site scripting (XSS) vulnerability exploited in Lab 2 was which type of XSS?
(x) Reflected
( ) DOM-based
( ) Stored
( ) Error-Based

Question 9 (6.25 points)
Which of the following is true about a cookie?
( ) It is sent from the root server to all servers.
(x) It is sent from a website and stored in the user's web browser while the user is browsing a website.
( ) It is sent from the user to be stored in all the servers when not browsing a website.
( ) It is sent from the user and stored in the server while the user is browsing a website.

Question 10 (6.25 points)
When a malicious user convinces a victim to send a request to a server with malicious input and the server echoes the input back to the client, what kind of attack occurs?
( ) Persistent XSS
(x) Reflected XSS
( ) CSRF
( ) Second-Order SQL Injection

Question 11 (6.25 points)
Consider a POST parameter performing an operation on behalf of a user without checking their shared key. This can lead to:
(x) CSRF attack
( ) XSS attack
( ) Injection attack
( ) Insecure Direct Object Reference

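Questions 5 and 11 are two sides of the same mechanism, the synchronizer token: the server issues a random per-session token, sends it to the browser inside the form, and refuses a state-changing POST that does not carry it back. The token is not hidden from the client; it is hidden from other origins, which the same-origin policy stops from reading the page. The following is an added example, not part of the quiz or its course material; the in-memory session store, the /transfer action and the form markup are constructed here.

```python
# Added example, not part of the quiz: the synchronizer-token pattern behind
# Questions 5 and 11. Session store, /transfer action and form are constructed.
import hmac
import secrets

SESSIONS = {}   # constructed store: session id (the cookie value) -> session data


def start_session(user: str) -> str:
    """Log a user in: a random session id for the cookie plus a random CSRF
    token bound to that session."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """Question 5: the token is deliberately sent to the browser, in the page.
    It must be secret from other origins (which cannot read this response), not
    from the client that owns the session."""
    token = SESSIONS[sid]["csrf"]
    return (f'<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf" value="{token}">'
            f'<input name="amount"><input name="to"></form>')


def handle_transfer_vulnerable(cookies: dict, post: dict) -> str:
    """Question 11: the POST acts for the cookie's owner with no shared-key
    check, so any page that can make the victim's browser POST here succeeds."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return "401 no session"
    return f"200 transferred {post['amount']} to {post['to']} for {session['user']}"


def handle_transfer(cookies: dict, post: dict) -> str:
    """The same action with the synchronizer token checked in constant time."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return "401 no session"
    submitted = post.get("csrf", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return "403 csrf token missing or wrong"
    return f"200 transferred {post['amount']} to {post['to']} for {session['user']}"


def forged_cross_site_post() -> dict:
    """What an attacker's page can make the victim's browser send: a body of the
    attacker's choosing. The browser attaches the victim's cookies by itself, but
    the attacker never saw the victim's form, so there is no valid token to add."""
    return {"amount": "1000", "to": "attacker"}
```

The check depends on the attacker being unable to read the token, not on the user being unable to see it. SameSite cookie attributes and an Origin/Referer check are the usual complements; they limit which cross-site requests carry the cookie at all.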
Question 12 (6.25 points)
What is the "30x" HTTP response status code? (x is any digit from 0 to 9)
( ) Server Error Responses
(x) Redirection Messages
( ) Client Error Responses
( ) Successful Responses

Question 13 (6.25 points)
Which of the following is TRUE about a SQLi attack?
(x) It is a technique for Code penetration
( ) It is a technique for Database penetration
( ) It is a technique for Object penetration
( ) It is a technique for Function penetration

Question 14 (6.25 points)
One day, I received an email and recognized it was a phishing mail. But I was curious and took a look at the evil site. It would not lead to any data leak to visit the site without entering my username and password. (true or false)

Question 15 (6.25 points)
A CSRF attack is a kind of "Code Injection". (true or false)

Question 16 (6.25 points)
What are some good cases for use of hashing?
(x) Password protection
(x) Digital signatures
( ) None of the above
(x) Data integrity
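Two of the three checked uses, worked as an added example that is not part of the quiz: an integrity digest over a record, and password storage done with a per-user salt and a deliberately slow derivation rather than a bare fast hash. Digital signatures, the third use, sign a hash of the message rather than the message itself, which is why collision resistance matters there; no signature library is used here. The sample record, the passwords and the iteration count are constructed or chosen for this example.

```python
# Added example, not part of the quiz: data integrity and password protection
# with hashlib. Sample record and passwords are constructed.
import hashlib
import hmac
import secrets

SAMPLE_RECORD = b"card_id=42\nbalance=100\n"    # constructed sample data
PBKDF2_ITERATIONS = 600_000   # the PBKDF2-HMAC-SHA256 figure in OWASP's Password Storage Cheat Sheet


def integrity_digest(data: bytes) -> str:
    """Data integrity: a fixed-size fingerprint; any change to the bytes changes
    it. On its own it catches corruption, not an attacker who can recompute the
    digest; that needs a MAC or a signature over the digest."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(integrity_digest(data), expected_hex)


def weak_password_record(password: str) -> str:
    """What NOT to store: a fast, unsalted hash. Two users with the same password
    get the same record, and precomputed tables apply directly."""
    return hashlib.sha256(password.encode()).hexdigest()


def password_record(password: str, salt: bytes = None) -> str:
    """Password protection: a per-user random salt and a slow derivation.
    Stored as hex(salt)$hex(derived key)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = record.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)
```

The same primitive serves both uses, but the requirements differ: for integrity the hash should be fast and collision resistant; for passwords it should be slow and salted, so that a leaked table costs the attacker one expensive derivation per guess per user.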