CompTIA PT0-003 Exam - Topic 1 Question 40 Discussion

A penetration tester is conducting an assessment of a web application's login page. The tester needs to determine whether there are any hidden form fields of interest. Which of the following is the most effective technique?
A) XSS
B) On-path attack
C) SQL injection
D) HTML scraping


Actual exam question for CompTIA's PT0-003 exam
Question #: 40
Topic #: 1

Suggested Answer: D

Hidden form fields in web applications can store user roles, session tokens, and security parameters that attackers may exploit.

HTML scraping (Option D):

Involves analyzing HTML source code to find hidden fields like:

<input type='hidden' name='admin_access' value='true'>

Attackers use tools like Burp Suite, ZAP, or browser developer tools (Ctrl+U or Inspect Element) to locate hidden fields.


Incorrect options:

Option A (XSS): Exploits JavaScript injection; it is not a technique for finding hidden fields.

Option B (On-path attack): Involves MITM interception, not directly analyzing form fields.

Option C (SQL injection): Targets databases, not HTML forms.
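
The HTML scraping step described above, as an added example that is not part of the original explanation: a standard-library parser that lists the hidden inputs in a page you are assessing and marks those whose names suggest the server may be trusting client-supplied state. The sample form, the SENSITIVE_HINTS list and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample login form (not from any real application).
SAMPLE_PAGE = """
<form action="/login" method="post">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="constructed-sample">
  <input type='hidden' name='admin_access' value='true'>
  <INPUT TYPE=HIDDEN NAME=debug VALUE=0>
</form>
"""

# Assumed heuristic: name fragments hinting at server-side trust decisions.
SENSITIVE_HINTS = ("admin", "role", "priv", "debug", "access")


class HiddenFieldAuditor(HTMLParser):
    """Collect every hidden input along with its enclosing form action."""

    def __init__(self):
        super().__init__()
        self.current_form = None
        self.fields = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.current_form = attrs.get("action", "")
        elif tag == "input" and attrs.get("type", "").lower() == "hidden":
            name = attrs.get("name", "")
            self.fields.append({
                "form": self.current_form, "name": name,
                "value": attrs.get("value", ""),
                "review": any(h in name.lower() for h in SENSITIVE_HINTS),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_form = None


def audit_hidden_fields(html):
    auditor = HiddenFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.fields


if __name__ == "__main__":
    print(*audit_hidden_fields(SAMPLE_PAGE), sep="\n")
```

Any field marked for review should be checked server-side: the value arrives from the client and can be changed before submission.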
