Cyber Quiz Day 34

Question 1

A developer finds a URL parameter that takes a filename and opens files on disk. What key check best distinguishes a path-traversal bug from a missing-authorization (IDOR) issue?

  • Whether the filename parameter is URL-encoded or not

  • Whether the application resolves the supplied path outside the intended base directory

  • Whether the request requires an authenticated user session

  • Whether the file is returned with a Content-Type header

Question 2

You see an API endpoint GET /invoices/{invoice_id} that returns invoice data. Which additional check would a security-minded reviewer insist on to catch IDORs (beyond authentication)?

  • Validate the invoice_id format uses UUID only

  • Ensure responses are compressed to reduce bandwidth

  • Rate-limit the endpoint to 10 requests/minute

  • Verify the authenticated user is authorized to view that specific invoice_id resource

Question 3

Which logging strategy most reliably helps detect attempted path-traversal probes in production without exposing sensitive content in logs?

  • Log full request bodies and return them to the console for analysis

  • Log and display full file contents for failed requests to aid debugging

  • Log canonicalized requested paths and whether canonicalization moved outside the allowed root

  • Log only response status codes (200/403/404) without request context

Question 4

A reverse proxy caches responses. Which response characteristic most directly makes it vulnerable to cache poisoning via untrusted request headers?

  • The cache key includes user-controlled header values (e.g., X-Forwarded-Host)

  • The origin server uses a Set-Cookie header for session management

  • The cache is configured with a short TTL (e.g., 10s)

  • The backend always returns Cache-Control: no-cache

Question 5

Which sequence best describes a realistic, severe combined vulnerability that often results in widespread data exposure?

  • IDOR present on a cached endpoint + cache poisoning ability to store attacker content under victim cache keys

  • Path traversal → file upload vulnerability → Cross-site scripting

  • Weak password policy → public Git repo → telemetry leak

  • Missing CSP header → mixed content → slow page loads

Question 6

You need to make a frequently requested authenticated resource cacheable at CDN edge, but avoid IDOR/caching cross-contamination. Which is the best safe approach?

  • Cache everything and rely on short TTLs so the impact is minimal

  • Disable compression to make poisoning harder

  • Use a cache key that includes a signed token or user identifier that the CDN cannot forge, and validate it server-side

  • Remove authentication so caching is simpler

Question 7

During a pentest, you must confirm an IDOR on a GET /profile/{id} endpoint without causing harm. Which safe test gives good evidence of IDOR?

  • Create a test resource as your account, then attempt to fetch that resource using another (test) account’s credentials to check access control

  • Use SQL injection to enumerate all IDs, then download them

  • Modify server filesystem paths via the filename parameter to see if the server crashes

  • Guess random IDs until you find one that returns 200 and inspect sensitive fields

Question 8

Which cache response header setting helps prevent downstream cache poisoning when the response varies by request headers?

  • Cache-Control: public, max-age=86400

  • Vary: Accept-Encoding, Cookie with no additional precautions

  • Expires header only

  • Cache-Control: private or ensuring Vary and cache keys correctly reflect user-specific inputs

Question 9

An application uses a file read API but stores uploads in a database and maps logical names to storage paths. Why could this design still be vulnerable to path traversal-style issues?

  • Databases are invulnerable, so it cannot be vulnerable

  • It’s only vulnerable if uploads are larger than 1MB

  • Using logical names eliminates any possibility of unauthorized file access

  • If the mapping accepts user-supplied paths or fails to canonicalize the mapped path before retrieval, an attacker may influence the resolved filesystem path

Question 10

You are triaging three findings: an exploitable IDOR on a sensitive endpoint, a cache configuration that uses an untrusted header in the cache key, and a low-risk info-leak via verbose error messages. In what order should you fix them?

  • Info-leak → IDOR → cache key issue

  • Cache key issue → IDOR → info-leak

  • IDOR → cache key issue → info-leak

  • Fix all simultaneously; prioritization doesn’t matter

There are 10 questions to complete.
