GIAC Exam GSLC Topic 8 Question 25 Discussion

Actual exam question for GIAC's GIAC Security Leadership exam

Question #: 25
Topic #: 8

[All GIAC Security Leadership Questions]

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:

C:\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

AThe countermeasure to 'printenv' vulnerability is to remove the CGI script.

B'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

CThis vulnerability helps in a cross site scripting attack.

DWith the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

Show Suggested Answer

Suggested Answer: A, C, D

by Matthew at May 03, 2022, 07:14 PM

Limited Time Offer

25%

Off

Get Premium GSLC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!