312-50V11 Question #22: Real Exam Question with Answer & Explanation
The correct answer is A: Inserts text into a data field that gets interpreted as code.
Question
Options
- A. Inserts text into a data field that gets interpreted as code
- B. Gets the server to execute arbitrary code using a buffer overflow
- C. Inserts additional code into the JavaScript running in the browser
- D. Gains access to the codebase on the server and inserts new code
Explanation
Code injection occurs when attacker-supplied text entered into a data field is interpreted and executed as code by the application or underlying system. This is distinct from memory exploits, client-side scripting attacks, or direct file system access.
Common mistakes.
- B. Executing arbitrary code via a buffer overflow is a memory corruption exploit, not code injection through a data field.
- C. Inserting code into JavaScript running in the browser describes Cross-Site Scripting (XSS), which is a client-side injection attack distinct from server-side code injection.
- D. Gaining access to the server codebase and inserting new code describes unauthorized code modification or a supply chain attack, not code injection.
Concept tested. Code injection attack definition and mechanism
Reference. https://owasp.org/www-community/attacks/Code_Injection