EC-Council Certified Security Analyst (ECSA v10)
Total questions for this course: 20

Select the correct answer(s)
Question: Richard, a penetration tester, was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the web site. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the '.jpg' extension to the end of the file. The new file name ended with '.php.jpg'. He then used the Burp Suite tool and removed the '.jpg' extension from the request while uploading the file. This enabled him to successfully upload the PHP shell. Which of the following techniques has Richard implemented to upload the PHP shell?
 
Cross-site scripting
 
Cookie tampering
 
Parameter tampering
 
Session stealing