nerdexam
GIAC

GCIH · Question #550

How could an attacker bypass client-side filtering of user input?

The correct answer is A. By using a web proxy tool. Note that the attacker may have to bypass any client-side filtering of the characters. For example, a lot of Web applications use JavaScript in the browser to filter out different characters that they do not want to be sent in to the application. It is very easy for an attacker t

Web Application Attacks & Post-Exploitation

Question

How could an attacker bypass client-side filtering of user input?

Options

  • ABy using a web proxy tool
  • BBy disabling unsigned Active X controls in Internet Explorer
  • CBy cracking SSL keys
  • DBy breaking into the web server and disabling filtering

How the community answered

(35 responses)
  • A
    71% (25)
  • B
    3% (1)
  • C
    17% (6)
  • D
    9% (3)

Explanation

Note that the attacker may have to bypass any client-side filtering of the characters. For example, a lot of Web applications use JavaScript in the browser to filter out different characters that they do not want to be sent in to the application. It is very easy for an attacker to get around this. They could use a customized browser or they could use a web proxy tool.

Topics

#client-side filter bypass#web proxy#input validation#web application security

Community Discussion

No community discussion yet for this question.

Full GCIH Practice