Zend
200-530 · Question #416
200-530 Question #416: Real Exam Question with Answer & Explanation
Question
Consider the PHP program (which includes a file specified by request):

```php
<?php
$color = 'blue';
if (isset( $_GET['COLOR'] ) )
    $color = $_GET['COLOR'];
require( $color . '.php' );
?>
<form method="get">
<select name="COLOR">
<option value="red">red</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>
```

A malicious user injects the following command:

`/vulnerable.php?COLOR=C:\notes.txt%00`

where vulnerable.php is a remotely hosted file containing an exploit. What does the malicious user want to do?
Options
- A. Execute the malicious code that exists in the file vulnerable.php.
- B. Remove the .php suffix, allowing access to files other than .php.
- C. Inject a remotely hosted file containing an exploit.
- D. Perform a cross-site scripting attack.