nerdexam
EC-Council

312-50V10 · Question #651

Study the following log extract and identify the attack.

The correct answer is D. Unicode Directory Traversal Attack. The log extract shows Unicode-encoded directory traversal sequences used to bypass input filters and access restricted file paths on the server.

Hacking Web Applications

Question

Study the following log extract and identify the attack.

Exhibit

312-50V10 question #651 exhibit

Options

  • AHexcode Attack
  • BCross Site Scripting
  • CMultiple Domain Traversal Attack
  • DUnicode Directory Traversal Attack

How the community answered

(49 responses)
  • A
    8% (4)
  • B
    4% (2)
  • C
    16% (8)
  • D
    71% (35)

Why each option

The log extract shows Unicode-encoded directory traversal sequences used to bypass input filters and access restricted file paths on the server.

AHexcode Attack

A Hexcode Attack uses standard ASCII percent-encoded hex values such as %2e%2e%2f to represent traversal sequences, not overlong Unicode byte sequences.

BCross Site Scripting

Cross-Site Scripting involves injecting malicious client-side scripts into pages viewed by other users, not encoding path separators to traverse server directories.

CMultiple Domain Traversal Attack

Multiple Domain Traversal Attack describes crossing domain or trust boundaries, not using Unicode encoding to traverse directory paths on a single server.

DUnicode Directory Traversal AttackCorrect

A Unicode Directory Traversal Attack uses overlong or alternate Unicode encodings of path separator characters (such as %c0%af for '/') to bypass security filters that block standard traversal strings like '../'. The log entry contains these Unicode-encoded sequences attempting to navigate outside the web root, a well-known IIS vulnerability documented in CVE-2000-0884.

Concept tested: Unicode-encoded directory traversal attack identification

Source: https://owasp.org/www-community/attacks/Path_Traversal

Topics

#directory traversal#Unicode encoding#path traversal#web log analysis

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice