Zend
ZF-100-500 Question #148: Real Exam Question with Answer & Explanation
Question
Consider the PHP program (which includes a file specified by request):

```php
<?php
$color = 'blue';
if (isset($_GET['COLOR']))
    $color = $_GET['COLOR'];
require($color . '.php');
?>
<form method="get">
<select name="COLOR">
<option value="red">red</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>
```

A malicious user injects the following command:

/vulnerable.php?COLOR=C:\notes.txt%00

Where vulnerable.php is a remotely hosted file containing an exploit. What does the malicious user want to do?
Options
- A. Perform a cross-site scripting attack.
- B. Execute the malicious code that exists in the file vulnerable.php.
- C. Remove the .php suffix, allowing access to files other than .php.
- D. Inject a remotely hosted file containing an exploit.