In an unpatched IIS web server, a path traversal exploit to cmd.exe could result in which outcome?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

In an unpatched IIS web server, a path traversal exploit to cmd.exe could result in which outcome?

Explanation:
Path traversal flaws happen when user input that selects a file path isn’t properly checked, letting an attacker navigate up and across the server’s filesystem (for example, using …/ or ..\ sequences) and access files outside the intended directory. On an unpatched IIS web server, if an attacker can trigger a response that reaches cmd.exe through such a flaw, the server may end up exposing the contents of directories on the host—for instance, listing the C: drive. This exposure arises because the web server is returning directory information or file names from a location the attacker is not supposed to see, rather than enforcing strict access controls. So, the most plausible outcome is that the attacker could obtain a directory listing of the C: drive on the web server, which gives them visibility into the filesystem and potential targets. The other options describe more specific or require additional conditions (like write access or a specific memory vulnerability) that aren’t inherent to a basic path traversal issue.

Path traversal flaws happen when user input that selects a file path isn’t properly checked, letting an attacker navigate up and across the server’s filesystem (for example, using …/ or ..\ sequences) and access files outside the intended directory. On an unpatched IIS web server, if an attacker can trigger a response that reaches cmd.exe through such a flaw, the server may end up exposing the contents of directories on the host—for instance, listing the C: drive. This exposure arises because the web server is returning directory information or file names from a location the attacker is not supposed to see, rather than enforcing strict access controls.

So, the most plausible outcome is that the attacker could obtain a directory listing of the C: drive on the web server, which gives them visibility into the filesystem and potential targets. The other options describe more specific or require additional conditions (like write access or a specific memory vulnerability) that aren’t inherent to a basic path traversal issue.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy