Which statement is incorrect about blacklisting of metacharacters in Shell Command Injection?

Escaping shell metacharacters is easy with blacklisting.

We handle only the characters we know are unsafe.

It is not a good measure because we may easily miss some metacharacters.

Blacklist must contains all metacharacters of different shells, if we are not quite sure what kind of shell will be used.

Lesson 2 - Passing Data to Subsystems

Quiz

•

Computers

•

University

•

Practice Problem

•

Medium

Babak Brad

Used 58+ times

FREE Resource

10 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

The parser may switch context from normal text to control command.

They may contain names, addresses, passwords, and some private information.

They contain raw data, instead of encrypted data.

The programmer is not able to handle them.

2.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Any database server based on SQL will need to have quotes escaped in string constants.

True

False

3.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The hyphens are not the main root of problem in SQL injection attack.

True

False

4.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

If a program run an external command using operating system, the risk of which attack is more probably increased?

SQL injection

Shell command injection

Session Hijacking

All the above answers

5.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

All the following methods are useful to reduce the risk of Shell Command Injection, except:

Managing without the shell

Avoiding user input in the command arguments

Avoiding 'Finger' and 'Sendmail' commands

Handling shell metacharacters

6.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

Shell command injection

SQL injection

Session hijacking

Metacharacter injection

7.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...

Shell Command Injection

SQL Injection

Cross-site Scripting

Session Hijacking

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

12 questions

Session 2 - Hardware and Peripherals

Quiz

•

10th Grade - University

12 questions

Malware&Phishing

Quiz

•

University

10 questions

LINUX MODULE 03 QUIZ

Quiz

•

University

10 questions

SOAL : Pengenalan Basis Data

Quiz

•

University

12 questions

Cisco 2, Module 1

Quiz

•

University

10 questions

Basic Networking

Quiz

•

University

10 questions

Post-Test CoR AdvProg

Quiz

•

University

15 questions

IT Quiz

Quiz

•

University

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

Discover more resources for Computers

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

7 questions

Different Types of Energy

Interactive video

•

4th Grade - University

20 questions

Slopes and Slope-Intercept Form

Quiz

•

8th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Biomolecules (Updated)

Interactive video

•

11th Grade - University

20 questions

Winter/Holiday Trivia

Quiz

•

KG - University

10 questions

WINTER WIN Time - ELA - 12/9/2025

Quiz

•

KG - University

7 questions

Human Impact on Resources

Interactive video

•

4th Grade - University

Lesson 2 - Passing Data to Subsystems

10 questions

What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

Any database server based on SQL will need to have quotes escaped in string constants.

The hyphens are not the main root of problem in SQL injection attack.

If a program run an external command using operating system, the risk of which attack is more probably increased?

All the following methods are useful to reduce the risk of Shell Command Injection, except:

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...

If we do not handle metacharacters, our SQL-based database application will be vulnerable to SQL injection attacks.

A good measure against SQL injection attack is to pass query parameters separately from the SQL statement itself.

Which statement is incorrect about blacklisting of metacharacters in Shell Command Injection?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers