Which statement is incorrect about blacklisting of metacharacters in Shell Command Injection?

Escaping shell metacharacters is easy with blacklisting.

We handle only the characters we know are unsafe.

It is not a good measure because we may easily miss some metacharacters.

Blacklist must contains all metacharacters of different shells, if we are not quite sure what kind of shell will be used.

Lesson 2 - Passing Data to Subsystems

Authored by Babak Brad

Computers

University

Used 58+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

The parser may switch context from normal text to control command.

They may contain names, addresses, passwords, and some private information.

They contain raw data, instead of encrypted data.

The programmer is not able to handle them.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Any database server based on SQL will need to have quotes escaped in string constants.

True

False

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The hyphens are not the main root of problem in SQL injection attack.

True

False

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

If a program run an external command using operating system, the risk of which attack is more probably increased?

SQL injection

Shell command injection

Session Hijacking

All the above answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

All the following methods are useful to reduce the risk of Shell Command Injection, except:

Managing without the shell

Avoiding user input in the command arguments

Avoiding 'Finger' and 'Sendmail' commands

Handling shell metacharacters

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

Shell command injection

SQL injection

Session hijacking

Metacharacter injection

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...

Shell Command Injection

SQL Injection

Cross-site Scripting

Session Hijacking

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

tkinter quiz

Quiz

•

University

12 questions

ICT450-TOPIC 1

Quiz

•

University

12 questions

PBD - Revisão AV1 - 2025.1

Quiz

•

University

15 questions

Human Computer Interaction (HCI)

Quiz

•

University

10 questions

cybercrime

Quiz

•

12th Grade - University

13 questions

docker advance

Quiz

•

University

10 questions

Kuis soal KD 3.4 Remote Server

Quiz

•

10th Grade - University

11 questions

SIM - Infrastructure

Quiz

•

University

Popular Resources on Wayground

20 questions

STAAR Review Quiz #3

Quiz

•

8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

6 questions

Marshmallow Farm Quiz

Quiz

•

2nd - 5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Computers

20 questions

Disney Trivia

Quiz

•

University

10 questions

GMAS ELA Review

Quiz

•

KG - University

9 questions

Week 9 Recitation

Quiz

•

University

26 questions

Customary Measurement

Quiz

•

KG - University

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...

Lesson 2 - Passing Data to Subsystems

What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

Any database server based on SQL will need to have quotes escaped in string constants.

The hyphens are not the main root of problem in SQL injection attack.

If a program run an external command using operating system, the risk of which attack is more probably increased?

All the following methods are useful to reduce the risk of Shell Command Injection, except:

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...

If we do not handle metacharacters, our SQL-based database application will be vulnerable to SQL injection attacks.

A good measure against SQL injection attack is to pass query parameters separately from the SQL statement itself.

Which statement is incorrect about blacklisting of metacharacters in Shell Command Injection?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers