Exam PT1-002 topic 1 question 99 discussion

Actual exam question from CompTIA's PT1-002
Question #: 99
Topic #: 1

A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?

  • A. <script>var adr= '../evil.php?test=' + escape(document.cookie);</script>
  • B. ../../../../../../../../../../etc/passwd
  • C. /var/www/html/index.php;whoami
  • D. 1 UNION SELECT 1, DATABASE(),3--
Suggested Answer: D

Comments

BinarySoldier
Highly Voted 3 years, 5 months ago
This looks like the website is prone to a SQL injection attack as it appears to be taking the user input directly. I think I would choose D as it is close to a SQLi.
upvoted 11 times
bieecop
Most Recent 2 years, 5 months ago
I think D is correct.
upvoted 2 times
ResStapler
2 years, 8 months ago
Answer D looks similar to SQL injection UNION attacks. For example:
SELECT a, b FROM table1 UNION SELECT c, d FROM table2
Ref: https://portswigger.net/web-security/sql-injection/union-attacks
upvoted 1 times
willsy
2 years, 10 months ago
Selected Answer: D
D SQLi
upvoted 4 times
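
Why the warning in the question points to answer D, and what removes the condition, shown as an added example that is not part of the original question or comments. It uses Python's sqlite3 as a stand-in for the PHP/MySQL code behind search.php; the products table, its rows, the function names and the "shopdb" value are constructed assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the site's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "widget", 10), (2, "gadget", 25)])
    # SQLite has no DATABASE(); register a stand-in (assumption) so that
    # option D resolves the way it would on MySQL.
    conn.create_function("DATABASE", 0, lambda: "shopdb")
    return conn

def search_concat(conn, user_id):
    """Vulnerable pattern: the input is pasted into the SQL text."""
    sql = "SELECT id, name, price FROM products WHERE id = " + user_id
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        # In the PHP original, mysql_query() returns false on a failed query;
        # handing that boolean to mysql_fetch_array() produces the warning
        # quoted in the question.
        return False

def search_param(conn, user_id):
    """Hardened pattern: the input is bound as a value, never parsed as SQL."""
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id = ?", (user_id,)
    ).fetchall()

if __name__ == "__main__":
    conn = make_db()
    option_d = "1 UNION SELECT 1, DATABASE(),3--"   # answer D from the question
    print("concat, normal input :", search_concat(conn, "1"))
    print("concat, stray quote  :", search_concat(conn, "1'"))
    print("concat, option D     :", search_concat(conn, option_d))
    print("bound,  option D     :", search_param(conn, option_d))
    print("bound,  normal input :", search_param(conn, "1"))
```

The concatenated query fails on malformed input and returns an extra row for option D, while the bound query treats the same string as a non-matching value. Suppressing the warning alone (for example, turning off error display) hides the symptom but leaves the concatenation in place.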