Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 1 Discussion
[Attacks and Exploits] A penetration tester is trying to get unauthorized access to a web application and executes the following command:
GET /foo/images/file?id=2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
Which of the following web application attacks is the tester performing?
It’s C for sure. The encoded ../ patterns clearly show an attempt to break out of a restricted folder and access a sensitive file, which perfectly matches directory traversal.
Option C stands out here because the attacker uses encoded ../ sequences to climb out of the allowed directory and access /etc/passwd, which is a classic directory traversal move. The key point is they’re trying to read a system file by tricking the path resolution, not necessarily including that file in a script or exploiting a reference flaw. So it fits directory traversal more than local file inclusion or other options.
C imo, because the key here is the attempt to move up directories using encoded ../ sequences to access a sensitive file like /etc/passwd. That’s textbook directory traversal, trying to bypass the file system restrictions. Local File Inclusion usually involves including a file inside the app’s execution context, but this looks more like just trying to read a file outside the allowed directory. So it fits directory traversal better.
Maybe C because the encoded ../ sequences suggest the tester is trying to navigate up directories to access restricted files, which fits directory traversal more than inclusion or object reference.
C/D? It looks like the tester is trying to traverse up directories with those %2e%2e codes, which is classic directory traversal. But since the URL is fetching a file with an ID param, it might be pulling in a local file through user input, suggesting Local File Inclusion. Without knowing if the file’s content is just read or executed, it’s tricky. If it’s just reading the passwd file, C feels right; if the app includes and runs the file, then D fits better. My gut says C since passwd is usually just read, not executed.
D imo, since the request looks like it’s trying to pull a file rather than just access it directly. Local File Inclusion often involves including files via parameters, which fits the pattern here better than just traversal.
It’s C, classic directory traversal with those %2e%2e slashes.
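The server-side check that defeats the request in the question, as an added example that is not part of the original thread: it decodes the `id` parameter and blocks any value that resolves outside the served directory. The base directory, the function names and the last three sample requests are assumptions made for illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

BASE_DIR = "/var/www/foo/images"  # assumed directory the handler may serve from

def decode_fully(value, max_rounds=5):
    """Percent-decode until stable so double-encoded input (%252e) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def resolve_id(request_line, base_dir=BASE_DIR):
    """Return (decoded_id, resolved_path, allowed) for the request's id parameter."""
    _method, target, *_ = request_line.split()
    # parse_qs performs the first round of percent-decoding itself.
    raw = parse_qs(urlsplit(target).query).get("id", [""])[0]
    decoded = decode_fully(raw)
    # Lexical normalisation only; a real handler should also resolve symlinks
    # (os.path.realpath) before comparing against the base directory.
    resolved = posixpath.normpath(posixpath.join(base_dir, decoded))
    allowed = resolved.startswith(base_dir + "/")
    return decoded, resolved, allowed

# First entry is the request from the question; the rest are constructed variants.
SAMPLES = [
    "GET /foo/images/file?id=2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "GET /foo/images/file?id=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "GET /foo/images/file?id=%252e%252e%252fsecret.txt",
    "GET /foo/images/file?id=logo.png",
]

if __name__ == "__main__":
    for line in SAMPLES:
        decoded, resolved, allowed = resolve_id(line)
        print(f"{'ALLOW' if allowed else 'BLOCK'}  id={decoded!r} -> {resolved}")
```

The decision is made on the resolved path rather than on the presence of `../` in the raw string, which is why the encoded and double-encoded forms are blocked by the same check.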