Richard, a penetration tester was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the website. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the ' jpg ' extension to the end of the file. The new file name ended with '.php. jpg '. He then used the Burp suite tool and removed the ' jpg '' extension from the request while uploading the file. This enabled him to successfully upload the PHP shell. Which of the following techniques has Richard implemented to upload the PHP shell?
A) Session stealing
B) Cookie tampering
C) Cross site scripting
D) Parameter tampering
Correct Answer:
Verified
Q13: Veronica, a penetration tester at a top
Q14: Steven is performing a wireless network audit.
Q15: An organization hosted a website to provide
Q16: You are working on a pen testing
Q17: HDC Networks Ltd. is a leading security
Q19: Ross performs security test on his company's
Q20: Recently, Jacob was assigned a project to
Q21: Gibson, a security analyst at MileTech Solutions,
Q22: An anonymity network is a series of?
A)
Q23: Which of the following reports should you
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents