You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

• A.filetype
• B.ext
• C.inurl
• D.site

Comment: *

Name: *

Email: *

Verification: *

Attempting an injection attack on a web server based on responses to True/False Question:s is called which of the following?

• A.Compound SQLi
• B.Blind SQLi
• C.Classic SQLi
• D.DMS-specific SQLi

Comment: *

Name: *

Email: *

Verification: *

Which of the following tools can be used to perform a zone transfer?

• A.Finger
• B.Netcat
• C.Host
• D.Neotrace
• E.NSLookup
• F.Sam Spade
• G.Dig

Comment: *

Name: *

Email: *

Verification: *

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.
What will you call these issues?

• A.False positives
• B.True negatives
• C.True positives
• D.False negatives

Comment: *

Name: *

Email: *

Verification: *

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<
iframe src=""http://www.vulnweb.com/updateif.php"" style=""display:none""
> < /iframe >
What is this type of attack (that can use either HTTP GET or HTTP POST) called?

• A.Browser Hacking
• B.Cross-Site Scripting
• C.SQL Injection
• D.Cross-Site Request Forgery

Correct Answer: D

https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.
This is done by making a logged in user in the victim platform access an attacker controlled website and from there execute malicious JS code, send forms or retrieve "images" to the victims account.
In order to be able to abuse a CSRF vulnerability you first need to find a relevant action to abuse (change password or email, make the victim follow you on a social network, give you more privileges...). The session must rely only on cookies or HTTP Basic Authentication header, any other header can't be used to handle the session. An finally, there shouldn't be unpredictable parameters on the request.
Several counter-measures could be in place to avoid this vulnerability. Common defenses:
- SameSite cookies: If the session cookie is using this flag, you may not be able to send the cookie from arbitrary web sites.
- Cross-origin resource sharing: Depending on which kind of HTTP request you need to perform to abuse the relevant action, you may take int account the CORS policy of the victim site. Note that the CORS policy won't affect if you just want to send a GET request or a POST request from a form and you don't need to read the response.
- Ask for the password user to authorise the action.
- Resolve a captcha
- Read the Referrer or Origin headers. If a regex is used it could be bypassed form example with:
http://mal.net?orig=http://example.com
(ends with the url)
http://example.com.mal.net
(starts with the url)
- Modify the name of the parameters of the Post or Get request
- Use a CSRF token in each session. This token has to be send inside the request to confirm the action. This token could be protected with CORS.
Diagram Description automatically generated

Comment: *

Name: *

Email: *

Verification: *