Tag: security

Questions Related to security

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here. int outfile = fopen(“/tmp/cache_data”, O_WRONLY | O_CREAT | O_TRUNC, 0600);
technology security

  1. Since the file name is hard coded, fopen() will fail if the file already exists

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit by creating a symboling link /tmp/cache_data that points to a system file

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data

Show answer
Correct Option: C

Is writing to an already freed memory a vulnerability? x = malloc(200); /* do something with x / free (x); / do something else */ strcpy(x, “somedata”);
technology security

  1. Overwriting freed memory is a security vulnerability

  2. Depends on the application and how important “somedata” is

  3. This will result in a buffer overflow since the freed memory location cannot handle 8 characters of data “somedata”

  4. strcpy() will fail as it cannot write to already freed memory, and the application will crash

Show answer
Correct Option: A

What attacks can get realized due to below code? ... Connection con = null; Statement stmt = null; try{ String personName = req.getParameter("PName"); String personAddress = req.getParameter("PAddress"); String personEmail = req.getParameter("PEmail"); String personPhone = req.getParameter("PPhone"); con= UtilDAO.make_con(); stmt = con.createStatement(); String sql = "INSERT INTO PersonDetails values ('"+personName+"', '"+personAddress+"', '"+personEmail+"', '"+personPhone+"')"; stmt.executeUpdate(sql); con.commit(); stmt.close(); UtilDAO.close(con); } catch(Exception e) { log.debug(“Exception is:”+e); } ...

technology security

  1. Cross Site Scripting

  2. SQL Injection

  3. Improper Resource Release

  4. Option 1 AND Option 2

  5. Option 1 AND Option 2 AND Option 3

  6. Option 2 AND Option 3

Show answer
Correct Option: E

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Cross Site Scripting (XSS) - This option is incorrect. Cross-Site Scripting refers to injecting malicious scripts into a web application, which can then be executed by users visiting the website. The given code does not involve any user input rendering on the web page, so XSS attack is not possible.

Option B) SQL Injection - This option is correct. SQL Injection refers to manipulating or injecting malicious SQL queries into a database query. In the given code, the SQL query is constructed using string concatenation with user-provided values (personName, personAddress, personEmail, personPhone). This makes the code vulnerable to SQL Injection attacks if the user-provided values are not properly sanitized or validated.

Option C) Improper Resource Release - This option is correct. Improper Resource Release refers to not properly releasing or closing resources after they are used. In the given code, the Connection object (con) and Statement object (stmt) are not being closed in a finally block, which can lead to resource leaks.

Option D) Option 1 AND Option 2 - This option is incorrect. Option 1 refers to Cross-Site Scripting (XSS), which is not applicable in this scenario. Option 2 refers to SQL Injection, which is correct. Therefore, this option is incorrect.

Option E) Option 1 AND Option 2 AND Option 3 - This option is correct. Option 1 (Cross-Site Scripting) is not applicable, but Option 2 (SQL Injection) and Option 3 (Improper Resource Release) are both correct. Therefore, this option is correct.

Option F) Option 2 AND Option 3 - This option is incorrect. Option 2 (SQL Injection) is correct, but Option 3 (Improper Resource Release) is also correct. Therefore, this option is incorrect.

The correct answer is Option E. This option is correct because the code is vulnerable to SQL Injection attacks and also has improper resource release, which can lead to resource leaks.

Identify the line on which the vulnerability exists: 1 public class performSearchAction extends HttpServlet{ 2 // Servlet for Search Action 3 public void doPost(HttpServletRequest req, HttpServletResponse res) 4 { 5 try 6 { 7 ArrayList arrSearch = Util.performSearchAction(req, res); 8 req.setAttribute(“SearchResults”,arrSearch); 9 RequestDispatcher rd = getServletContext().getRequestDispatcher("/SearchResult.jsp"); 10 rd.forward(req,res); 11 } catch (Exception e) { 12 log.debug(“Exception occurred:”+e); 13 } 14 } //End of doPost method 15 public void doGet(HttpServletRequest req, HttpServletResponse res) 16 { 17 doPost(req,res); 18 } //End of doGet method 19 } //End of Class
technology security

  1. Line # 12

  2. Line # 9

  3. Line # 17

  4. Line # 8

  5. Line # 14, 18 & 19

Show answer
Correct Option: C

Give the name of the vulnerability resides in the below code: 1 5 6 Your Search for '' has not returned any records 7 8

technology security

  1. Information Leakage

  2. Cross Site Scripting

  3. Cross Site Tracing

  4. Option 1 AND Option 2

  5. Option 1 AND Option 3

  6. Command Injection

Show answer
Correct Option: D

What is wrong in the below code? public void doPost(HttpServletRequest req, HttpServletResponse res) { try { String language = req.getParameter("language"); res.sendRedirect("/doc/"+language+”/index.html”); } catch (Exception e) { } }

technology security

  1. Request Redirection is vulnerable and not a good practice

  2. Exception is not logged

  3. Input parameter “language” is not validated

  4. Option 1 AND Option 2

  5. Option 1 AND Option 3

  6. Option 2 AND Option 3

Show answer
Correct Option: E

In the following code, which is the location of vulnerability? 1 String username = req.getParameter("loginID"); 2 String password = req.getParameter("loginPassword"); 3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?"; 4 pstmt = con.prepareStatement(sql); 5 pstmt.setString(1,username); 6 pstmt.setString(2,password); 7 pstmt.execute(); 8 user = pstmt.getResultSet(); 9 if(user!=null) 10 { 11 while (user.next()) 12 { 13 userInfo.add(user.getString(1)); 14 } 15 } 16 else 17 { 18 log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password); 19 }
technology security

  1. Line 5

  2. Line 4

  3. Line 11

  4. Line 18

Show answer
Correct Option: D

In the following code, which is the location of vulnerability? 1 bIsAdmin = true; 2 try 3 { 4 function (); 5 bIsAdmin = isAdminUser(userName); 6 } 7 catch (Exception ex) 8 { 9 log.write(ex.toString()); 10 }
technology security

  1. Line 1

  2. Line 5

  3. Line 7

  4. Line 9

Show answer
Correct Option: A

Is SQL injection possible in the below code? String username = request.getParameter(“username”); String password = request.getParameter(“password”); conn = pool.getConnection( ); PreparedStatement pstmt = conn.prepareStatement(“select * from user where username=”+username+” and password=”+password); pstmt.execute(); rs = pstmt.getResultSet();
technology security

  1. True

  2. False

Show answer
Correct Option: A

Give the name of the vulnerability resides in the below code: ... Runtime rt = Runtime.getRuntime(); Process proc = rt.exec("cmd.exe /c type "+request.getParameter("path")); //path is an Input Parameter and contains the file name. InputStream stdin = proc.getInputStream(); InputStreamReader isr = new InputStreamReader(stdin); BufferedReader br = new BufferedReader(isr); ...

technology security

  1. Race Condition

  2. Command Injection

  3. Denial of Service

  4. Cross Site Request Forgery

  5. HTML Injection

Show answer
Correct Option: B