What is Donald trying to achieve?

Posted by: Pdfprep Category: ECSAv10 Tags: , ,

While auditing a web application for vulnerabilities, Donald uses Burp proxy and modifies the get requests as below:

http://www.example.com/GET/process.php./../../../../../../../../etc/password

What is Donald trying to achieve?
A . Donald is modifying process.php file to extract /etc/password file
B . Donald is trying directory traversal to extract /etc/password file
C . Donald is trying SQL injection to extract the contents of /etc/password file
D . Donald is trying to upload /etc/password file to the web server root folder

Answer: B

Leave a Reply

Your email address will not be published.