CompTIA PenTest+ (PT1-002) — Question 89
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; --
Which of the following attacks is being attempted?
Answer options
- A. Clickjacking
- B. Session hijacking
- C. Parameter pollution
- D. Cookie hijacking
- E. Cross-site scripting
Correct answer: C
Explanation
The correct answer is C, Parameter pollution. The logged request supplies the serviceID parameter twice, and the attacker is manipulating the URL parameters to inject a SQL statement that aims to drop the SERVICES table. The other options (clickjacking, session hijacking, cookie hijacking, and cross-site scripting) do not involve manipulating parameters in this manner and focus on different attack vectors.