CompTIA PenTest+ (PT0-003) — Question 79

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitabilty?

Answer options

• A. curl <url>?param=http://169.254.169.254/latest/meta-data/
• B. curl '<url>?param=http://127.0.0.1/etc/passwd'
• C. curl '<url>?param=<script>alert(1}<script>/'
• D. curl <url>?param=http://127.0.0.1/

Correct answer: A

Explanation

The correct command (A) targets the metadata endpoint of a cloud provider, which can reveal sensitive information if the SSRF vulnerability is exploited. Option B attempts to access the local file system, which is not applicable in this scenario. Option C introduces a script injection attempt, which does not test SSRF. Option D also targets the local machine but does not access the metadata service.