Which statement is incorrect about blacklisting of metacharacters in Shell Command Injection?

Escaping shell metacharacters is easy with blacklisting.

We handle only the characters we know are unsafe.

It is not a good measure because we may easily miss some metacharacters.

Blacklist must contains all metacharacters of different shells, if we are not quite sure what kind of shell will be used.

Lesson 2 - Passing Data to Subsystems

Authored by Babak Brad

Computers

University

Used 58+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

The parser may switch context from normal text to control command.

They may contain names, addresses, passwords, and some private information.

They contain raw data, instead of encrypted data.

The programmer is not able to handle them.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Any database server based on SQL will need to have quotes escaped in string constants.

True

False

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The hyphens are not the main root of problem in SQL injection attack.

True

False

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

If a program run an external command using operating system, the risk of which attack is more probably increased?

SQL injection

Shell command injection

Session Hijacking

All the above answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

All the following methods are useful to reduce the risk of Shell Command Injection, except:

Managing without the shell

Avoiding user input in the command arguments

Avoiding 'Finger' and 'Sendmail' commands

Handling shell metacharacters

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

Shell command injection

SQL injection

Session hijacking

Metacharacter injection

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...

Shell Command Injection

SQL Injection

Cross-site Scripting

Session Hijacking

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

Firewall & IDS

Quiz

•

University

15 questions

Database concepts

Quiz

•

University

15 questions

ETL - Quiz

Quiz

•

University

15 questions

Bancos de Dados - Quiz 3

Quiz

•

University

15 questions

PYTHON UNIT I MCQS

Quiz

•

University

10 questions

Database

Quiz

•

University

15 questions

AWD - Midterm Quiz

Quiz

•

University

14 questions

Linux: Users and Groups

Quiz

•

9th Grade - University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

5 questions

What is Presidents' Day?

Interactive video

•

10th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

20 questions

Mardi Gras History

Quiz

•

6th Grade - University

10 questions

The Roaring 20's Crash Course US History

Interactive video

•

11th Grade - University

17 questions

Review9_TEACHER

Quiz

•

University

Lesson 2 - Passing Data to Subsystems

What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

Any database server based on SQL will need to have quotes escaped in string constants.

The hyphens are not the main root of problem in SQL injection attack.

If a program run an external command using operating system, the risk of which attack is more probably increased?

All the following methods are useful to reduce the risk of Shell Command Injection, except:

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...

If we do not handle metacharacters, our SQL-based database application will be vulnerable to SQL injection attacks.

A good measure against SQL injection attack is to pass query parameters separately from the SQL statement itself.

Which statement is incorrect about blacklisting of metacharacters in Shell Command Injection?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers