A security analyst is reviewing the following web server log: GET %2f..%2f..%2f.%2f.%2f.%2f.%2f../etc/passwd Which of the following BEST describes the issue?

CompTIA CySA+ Exam CS0-002: Web Server Log Analysis

Analyzing Web Server Logs for Security Issues

Prev Question Next Question

Question

A security analyst is reviewing the following web server log: GET %2f..%2f..%2f.

%2f.

%2f../etc/passwd Which of the following BEST describes the issue?

Answers

A. Directory traversal exploit

B. Cross-site scripting

C. SQL injection

D. Cross-site request forgery.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

The issue described in the web server log is a directory traversal exploit.

Directory traversal, also known as path traversal, is a vulnerability that allows an attacker to access files and directories outside of the web server's root directory. This vulnerability can occur when the web application fails to properly validate user input, allowing attackers to input special characters or sequences to manipulate the application's file paths.

In the provided log, the "GET" request includes a series of "%2f" sequences, which represent forward slashes (/) that have been URL-encoded. The "%2f../" sequence tells the web server to move up one directory level from the root directory. This sequence is repeated several times, indicating that the attacker is attempting to traverse multiple directory levels.

The final portion of the request, "/etc/passwd", is the location of a sensitive system file on Unix-based systems. By using the directory traversal exploit to access this file, the attacker may be able to retrieve usernames and encrypted passwords for system accounts, which could be used to further compromise the system.

Therefore, the BEST description of the issue is a directory traversal exploit.

Prev Question Next Question