Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 2
A CMS plugin creates two filters that are accessible from the Internet: myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, one must send an HTTP POST with specific variables to exploitable.php. You see traffic to your webserver that consists of only HTTP GET requests to myplugin.html.
Which category best describes this activity?
Answer options
- A. weaponization
- B. exploitation
- C. installation
- D. reconnaissance
Correct answer: B
Explanation
The correct answer is B, exploitation, because the scenario describes an attempt to take advantage of a vulnerability in exploitable.php. The presence of only HTTP GET requests to myplugin.html suggests reconnaissance activity, but without POST requests targeting exploitable.php, exploitation has not occurred yet.