312-50V10 · Question #651
Study the following log extract and identify the attack.
The correct answer is D. Unicode Directory Traversal Attack. The log extract shows Unicode-encoded directory traversal sequences used to bypass input filters and access restricted file paths on the server.
Question
Study the following log extract and identify the attack.
Exhibit
Options
- AHexcode Attack
- BCross Site Scripting
- CMultiple Domain Traversal Attack
- DUnicode Directory Traversal Attack
How the community answered
(49 responses)- A8% (4)
- B4% (2)
- C16% (8)
- D71% (35)
Why each option
The log extract shows Unicode-encoded directory traversal sequences used to bypass input filters and access restricted file paths on the server.
A Hexcode Attack uses standard ASCII percent-encoded hex values such as %2e%2e%2f to represent traversal sequences, not overlong Unicode byte sequences.
Cross-Site Scripting involves injecting malicious client-side scripts into pages viewed by other users, not encoding path separators to traverse server directories.
Multiple Domain Traversal Attack describes crossing domain or trust boundaries, not using Unicode encoding to traverse directory paths on a single server.
A Unicode Directory Traversal Attack uses overlong or alternate Unicode encodings of path separator characters (such as %c0%af for '/') to bypass security filters that block standard traversal strings like '../'. The log entry contains these Unicode-encoded sequences attempting to navigate outside the web root, a well-known IIS vulnerability documented in CVE-2000-0884.
Concept tested: Unicode-encoded directory traversal attack identification
Source: https://owasp.org/www-community/attacks/Path_Traversal
Topics
Community Discussion
No community discussion yet for this question.
