CompTIA Security+ (SY0-501) — Question 831

A security analyst receives an alert from a WAF with the following payload: var data= `<test test test>` ++ <../../../../../../etc/passwd>`
Which of the following types of attacks is this?

Answer options

• A. Cross-site request forgery
• B. Buffer overflow
• C. SQL injection
• D. JavaScript data insertion
• E. Firewall evasion script

Correct answer: D

Explanation

The correct answer is D, JavaScript data insertion, as the payload indicates an attempt to insert JavaScript code. The other options do not fit the context of the payload, with A being related to unauthorized requests, B involving memory management issues, C concerning database queries, and E relating to bypassing security mechanisms rather than direct code insertion.