The SecOps Group Exam CAP Topic 10 Question 96 Discussion

Actual exam question for The SecOps Group's CAP exam
Question #: 96
Topic #: 10

In the screenshot below, an attacker is attempting to exploit which vulnerability?

POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 12345
Connection: keep-alive

Content-Disposition: form-data; name="avatar"; filename="malicious.php"
Content-Type: image/jpeg

<?php
phpinfo();
?>

Suggested Answer: C

The screenshot shows an HTTP POST request to /upload.php with a multipart/form-data payload, where the attacker uploads a file named malicious.php disguised as an image/jpeg but containing PHP code (<?php phpinfo(); ?>). This indicates an attempt to exploit a File Upload Vulnerability. Such vulnerabilities occur when an application allows users to upload files without proper validation or sanitization, enabling attackers to upload malicious scripts (e.g., PHP) that can be executed on the server. In this case, if the server executes the uploaded malicious.php, it could expose server information via phpinfo() or perform other malicious actions.

Option A ('HTTP Desync Attack') involves manipulating HTTP request pipelines, which is not relevant here as the request appears standard. Option B ('File Path Traversal Attack') involves accessing unauthorized files using ../, which is not evident in this request. Option D ('Server-Side Request Forgery') involves tricking the server into making unintended requests, which does not apply to file uploads. Thus, C is the correct answer, aligning with the CAP syllabus under 'File Handling Security' and 'OWASP Top 10 (A05:2021 - Security Misconfiguration).'
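
The missing validation described above, as an added example that is not part of the original page or the exam material: a server-side upload check in Python, run against the values from the request. The function name validate_upload, the extension allowlist and the sample JPEG bytes are assumptions made for illustration.

```python
import os
import secrets

# Allowlisted extensions and the leading bytes a genuine file of that type starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def validate_upload(filename, declared_type, data):
    """Return (ok, reason, stored_name) for one uploaded multipart part.

    declared_type is the part's Content-Type header. The client sets it, so it
    is accepted as a parameter but never used in the decision.
    """
    if "\x00" in filename:
        return False, "NUL byte in filename", None
    # Drop any client-supplied directory components, then take the final extension.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        return False, "extension not allowed: %r" % ext, None
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match %s" % ext, None
    # Store under a server-generated name so nothing from the client's name
    # survives (for example the ".php" in "me.php.jpg").
    return True, "ok", secrets.token_hex(16) + ext

# Body taken from the request above; the JPEG bytes are constructed for this example.
PAGE_BODY = b"<?php\nphpinfo();\n?>"
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # header bytes only, not a full image

if __name__ == "__main__":
    cases = [
        ("malicious.php", "image/jpeg", PAGE_BODY),      # the request on this page
        ("avatar.jpg", "image/jpeg", PAGE_BODY),         # renamed, same PHP body
        ("me.php.jpg", "image/jpeg", CONSTRUCTED_JPEG),  # accepted, but renamed on disk
    ]
    for name, ctype, body in cases:
        print(name, "->", validate_upload(name, ctype, body))
```

A file that passes these checks can still carry script text after a valid image header, so the upload directory should also be one where the server does not execute scripts.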


Contribute your Thoughts:

Hershel
2 days ago
This looks like a classic file upload vulnerability to me. The attacker is trying to upload a malicious PHP file and execute it on the server. Definitely option C.
upvoted 0 times