ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 4 - 312-96 discussion

Report
Export

Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.

Alice wrote the following code on page load to read the file name.

String myfilename = request.getParameter('filename');

String txtFileNameVariable = myfilename;

String locationVariable = request.getServletContext().getRealPath('/');

String PathVariable = '';

PathVariable = locationVariable + txtFileNameVariable;

BufferedInputStream bufferedInputStream = null;

Path filepath = Paths.get(PathVariable);

After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?

A.
URL Tampering vulnerability
Answers
A.
URL Tampering vulnerability
B.
Form Tampering vulnerability
Answers
B.
Form Tampering vulnerability
C.
XSS vulnerability
Answers
C.
XSS vulnerability
D.
Directory Traversal vulnerability
Answers
D.
Directory Traversal vulnerability
Suggested answer: D
asked 18/09/2024
Tony Minjarez
41 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first