Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 7 Discussion

Question No. 7

[Attacks and Exploits] A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

]> &foo;

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

Chris K.
2026-02-13

A vs C? While disabling external entities (C) is ideal to stop this vulnerability directly, sometimes apps absolutely need them for legit reasons. In those cases, just locking down file permissions (A) doesn’t stop the XML parser from reading sensitive files if it still processes external entities. So A alone isn’t really enough. If you can’t disable external entities, then more controls like WAF or patching the parser are necessary, but from the options given, C is usually the best recommendation if feasible.

0
Osama M.
2026-02-12

C/D? I get why disabling external entities (C) is the solid fix since it cuts off the exploit at its root. But if the app depends on XML features that break when you disable those entities, a WAF (D) could act as a good safety net to catch these attacks before they hit the app. So, if disabling isn’t an option right away, D might be the practical next step. A and B don’t really address the core issue here.

0
Rayan I.
2026-01-28

Not B, frequent log reviews won’t stop the exploit itself.

0
Ethan M.
2026-01-27

C. Disabling external entities directly stops the XXE vulnerability seen here. The other options might help, but they don’t fix the root cause like C does.

0
Ash X.
2026-01-17

C, because disabling external entities directly stops XXE attacks.

0
Ash A.
2026-01-15

Option C makes sense here since disabling external entities stops XXE attacks from reading files like /etc/passwd.

0