nerdexam
EC-Council

312-50V9 · Question #553

Study the following log extract and identify the attack.

The correct answer is D. Unicode Directory Traversal Attack. The log extract shows Unicode-encoded directory traversal sequences used to bypass security filters that block standard '../' path sequences.

Hacking Web Servers

Question

Study the following log extract and identify the attack.

Exhibit

312-50V9 question #553 exhibit

Options

  • AHexcode Attack
  • BCross Site Scripting
  • CMultiple Domain Traversal Attack
  • DUnicode Directory Traversal Attack

How the community answered

(23 responses)
  • A
    9% (2)
  • B
    4% (1)
  • C
    4% (1)
  • D
    83% (19)

Why each option

The log extract shows Unicode-encoded directory traversal sequences used to bypass security filters that block standard '../' path sequences.

AHexcode Attack

A Hexcode Attack uses standard percent-encoded hex values (like %2e%2e%2f) for directory traversal, not Unicode multi-byte encoding sequences.

BCross Site Scripting

Cross Site Scripting (XSS) involves injecting malicious client-side scripts into web pages viewed by other users, not path manipulation via encoded directory sequences.

CMultiple Domain Traversal Attack

Multiple Domain Traversal Attack is not a recognized standard attack category; the specific technique shown involves Unicode encoding to traverse server directories.

DUnicode Directory Traversal AttackCorrect

A Unicode Directory Traversal Attack uses Unicode or multi-byte UTF-8 encoded representations of the '../' sequence (such as %c0%af or %c1%9c) to evade input validation filters that only check for literal dot-dot-slash patterns. Web servers that decode Unicode after performing security checks are vulnerable to this technique, allowing attackers to traverse outside the web root and access restricted files on the server.

Concept tested: Unicode encoding bypass for directory traversal

Source: https://owasp.org/www-community/attacks/Path_Traversal

Topics

#directory traversal#Unicode attack#log analysis#web server exploitation

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice