nerdexam
EC-Council

312-50V11 · Question #651

Study the following log extract and identify the attack.

The correct answer is D. Unicode Directory Traversal Attack. The log extract shows a Unicode Directory Traversal Attack, where Unicode-encoded path separator characters are used to bypass input validation and traverse server directories.

Hacking Web Applications

Question

Study the following log extract and identify the attack.

Exhibit

312-50V11 question #651 exhibit

Options

  • AHexcode Attack
  • BCross Site Scripting
  • CMultiple Domain Traversal Attack
  • DUnicode Directory Traversal Attack

How the community answered

(17 responses)
  • A
    6% (1)
  • C
    18% (3)
  • D
    76% (13)

Why each option

The log extract shows a Unicode Directory Traversal Attack, where Unicode-encoded path separator characters are used to bypass input validation and traverse server directories.

AHexcode Attack

Hexcode attacks use standard percent-hex encoding of characters but do not rely on multi-byte Unicode sequences to bypass directory traversal filters.

BCross Site Scripting

Cross-Site Scripting involves injecting malicious client-side scripts into web pages consumed by other users, not manipulating URL paths to traverse server directories.

CMultiple Domain Traversal Attack

Multiple Domain Traversal is not a recognised standard attack category; the log pattern reflects Unicode-encoded single-host directory traversal, not cross-domain exploitation.

DUnicode Directory Traversal AttackCorrect

Unicode Directory Traversal attacks encode the path separator '/' or backslash using Unicode representations such as %c0%af or %c1%9c to evade security filters that look for literal '../' sequences. This allows an attacker to walk outside the web root and access restricted files on the server, which is the pattern visible in the log.

Concept tested: Unicode directory traversal attack identification

Source: https://owasp.org/www-community/attacks/Path_Traversal

Topics

#directory traversal#Unicode encoding#log analysis#web attack

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice