GPEN Question #408: Real Exam Question with Answer & Explanation

The correct answer is C: If web logs are viewed in a web-based console, log entries containing XSS may execute on the

Question

How can web server logs be leveraged to perform Cross-Site Scripting (XSS)?

Options

  • A. Web logs containing XSS may execute shell scripts when opened in a GUI text browser
  • B. XSS attacks cause web logs to become unreadable and therefore are an effective DOS
  • C. If web logs are viewed in a web-based console, log entries containing XSS may execute on the
  • D. When web logs are viewed in a terminal, XSS can escape to the shell and execute commands.

Explanation

XSS payloads written into web server logs can execute against administrators when those logs are viewed in a browser-based console, making log injection a stored XSS delivery vector.

Common mistakes.

  • A. GUI text browsers and standard text editors do not execute JavaScript, so opening log files in such tools displays the XSS payload as inert literal text without triggering script execution.
  • B. XSS payloads stored in log entries do not corrupt log formatting or prevent logs from being read; they remain fully legible and do not impair the availability or readability of the logging system.
  • D. Terminal-based log viewers render content as plain text without an HTML rendering engine, so XSS payloads cannot be interpreted as executable script or escape to the underlying shell from a command-line context.

Concept tested. Log injection as a stored XSS delivery mechanism

Reference. https://owasp.org/www-community/attacks/Log_Injection
