Certified Ethical Hacker (CEH v11) — Question 345

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.
Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

Answer options

• A. .stm
• B. .cms
• C. .rss
• D. .html

Correct answer: A

Explanation

The presence of a .stm file indicates that the web server is likely configured to process Server-Side Includes, making it vulnerable to such attacks. The other file types, .cms, .rss, and .html, do not inherently suggest this capability and are not typically associated with the risk of Server-Side Includes vulnerabilities.