A security analyst receives an alert from a web server that contains the following logs: GET /image?filename=../../.../etc/passwd Host: AcmeInc-web.net useragent: python-request/ 2.27.1 GET /image?filename=../../.../etc/shadow Host: AcmeInc-web.net useragent: python-request/ 2.27.1 Which of the following attacks is being attempted?

Rationale

Directory traversal.

The logs indicate an attempt to access system files by manipulating the file path, which is characteristic of a directory traversal attack. This type of attack aims to exploit inadequate input validation by navigating to directories outside the intended scope of the web application.

A (File injection) YOUR ANSWER

File injection typically refers to the unauthorized uploading or execution of files on a server. In this scenario, the logs suggest an attempt to read existing sensitive files rather than injecting new files, which makes this option incorrect.

B (Privilege escalation) YOUR ANSWER

Privilege escalation involves exploiting a vulnerability to gain elevated access rights within a system. The logs do not suggest that the attacker is attempting to increase privileges but rather trying to access restricted files, making this choice unsuitable for the described activity.

C (Directory traversal) CORRECT

The logs specifically show attempts to access files such as `/etc/passwd` and `/etc/shadow` by using the `../../` sequence to navigate up directories. This technique is a classic example of a directory traversal attack, which is designed to bypass security controls and access sensitive information.

D (Cookie forgery) YOUR ANSWER

Cookie forgery refers to the manipulation or creation of cookies to impersonate users or bypass authentication. This is unrelated to the actions reflected in the logs, which focus on file access rather than session management or authentication.

Conclusion

The security logs reveal an attempt to exploit directory traversal vulnerabilities by manipulating file paths to access sensitive system files. This attack type underscores the importance of proper input validation and security measures in web applications to prevent unauthorized access to critical data. Understanding these attack vectors is crucial for security analysts in protecting systems from exploitation.

Directory traversal.

Related Questions

Related Quizzes

How familiar were you with this question?

Report an Issue

Rate this Practice Test