CompTIA PenTest+ (PT0-001) — Question 24
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL: http://www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd
Which of the following attack types is MOST likely to be the vulnerability?
Answer options
- A. Directory traversal
- B. Cross-site scripting
- C. Remote file inclusion
- D. User enumeration
Correct answer: B
Explanation
The correct answer is B, Cross-site scripting, because the URL suggests an attempt to inject a script through the 'i' parameter. The other options are not applicable as there is no indication of file path manipulation, remote file inclusion, or user account enumeration in the provided URL.