A network engineer at Company ABC observes the following raw HTTP request:

GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=0101-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;

Which of the following should be the engineer’s GREATEST concern?
A. The HTTPS is not being enforced so the system is vulnerable.
B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C. Sensitive data is transmitted in the UR
E. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
Answer: C