312-50V11 · Question #651
Study the following log extract and identify the attack.
The correct answer is D. Unicode Directory Traversal Attack. The log extract shows a Unicode Directory Traversal Attack, where Unicode-encoded path separator characters are used to bypass input validation and traverse server directories.
Question
Study the following log extract and identify the attack.
Exhibit
Options
- AHexcode Attack
- BCross Site Scripting
- CMultiple Domain Traversal Attack
- DUnicode Directory Traversal Attack
How the community answered
(17 responses)- A6% (1)
- C18% (3)
- D76% (13)
Why each option
The log extract shows a Unicode Directory Traversal Attack, where Unicode-encoded path separator characters are used to bypass input validation and traverse server directories.
Hexcode attacks use standard percent-hex encoding of characters but do not rely on multi-byte Unicode sequences to bypass directory traversal filters.
Cross-Site Scripting involves injecting malicious client-side scripts into web pages consumed by other users, not manipulating URL paths to traverse server directories.
Multiple Domain Traversal is not a recognised standard attack category; the log pattern reflects Unicode-encoded single-host directory traversal, not cross-domain exploitation.
Unicode Directory Traversal attacks encode the path separator '/' or backslash using Unicode representations such as %c0%af or %c1%9c to evade security filters that look for literal '../' sequences. This allows an attacker to walk outside the web root and access restricted files on the server, which is the pattern visible in the log.
Concept tested: Unicode directory traversal attack identification
Source: https://owasp.org/www-community/attacks/Path_Traversal
Topics
Community Discussion
No community discussion yet for this question.
