CompTIA CySA+ (CS0-003) — Question 32

A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?

Answer options

• A. /etc/shadow
• B. curl localhost
• C. ; printenv
• D. cat /proc/self/

Correct answer: A

Explanation

The correct answer is A, as the '/etc/shadow' file contains password hashes on Unix-based systems, making it a prime target for attackers exploiting LFI vulnerabilities. Options B, C, and D do not relate directly to accessing sensitive credential information through LFI and are not indicative of exploitation in web server logs.