Certified Ethical Hacker (CEH v12) — Question 301
A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.
Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?
Answer options
- A. .stm
- B. .cms
- C. .rss
- D. .html
Correct answer: A
Explanation
The presence of a .stm file type indicates that the server is configured to process Server-Side Includes, making it more vulnerable to such attacks. The other file types, .cms, .rss, and .html, do not typically suggest the same level of vulnerability to Server-Side Includes as .stm does.