SY0-301 · Question #634
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the f
The correct answer is A. Buffer overflow. The repeated hex value 0x90 is the x86 NOP (No Operation) instruction, and a long sequence of NOPs known as a NOP sled is a classic signature of a buffer overflow exploit.
Question
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?
Options
- ABuffer overflow
- BCross-site scripting
- CXML injection
- DSQL injection
How the community answered
(39 responses)- A74% (29)
- B3% (1)
- C8% (3)
- D15% (6)
Why each option
The repeated hex value 0x90 is the x86 NOP (No Operation) instruction, and a long sequence of NOPs known as a NOP sled is a classic signature of a buffer overflow exploit.
In x86 architecture, the byte 0x90 represents the NOP instruction, which does nothing except advance the instruction pointer. Attackers craft a buffer overflow payload with a long NOP sled followed by shellcode, so that execution slides into the shellcode regardless of the exact return address. The repeated 0x90 sequence in the captured session is a direct indicator of this buffer overflow technique.
Cross-site scripting injects malicious scripts into web pages delivered to users and would not produce a NOP sled pattern in a database session.
XML injection manipulates XML parsers with malformed input and does not involve NOP instruction sequences.
SQL injection inserts malicious SQL statements into database queries and does not rely on NOP byte patterns.
Concept tested: NOP sled signature in buffer overflow attacks
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.