CompTIA Security+ (SY0-501) — Question 50

An administrator discovers the following log entry on a server:
Nov 12 2013 00:23:45 httpd[2342]: GET
/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow
Which of the following attacks is being attempted?

Answer options

• A. Command injection
• B. Password attack
• C. Buffer overflow
• D. Cross-site scripting

Correct answer: A

Explanation

The correct answer is A, Command injection, because the log shows an attempt to execute commands on the server by chaining commands in the URL. The other options, such as Password attack, Buffer overflow, and Cross-site scripting, do not apply as they involve different methods of exploitation that are not represented in this log entry.