Question 1

A site implements CSRF protection via double-submit cookies. You notice that SameSite is set to Lax. Which crafted request bypasses protection?

Options :

A :

B :

C :

D : Both B and C

Answer: D

Question 2

You gain SELECT access via SQLi on MySQL. You want SUPER privileges.

What technique applies?

Options :

A : Exploit INTO OUTFILE to drop reverse shell

B : Abuse SET GLOBAL general_log_file + write webshell

C : Elevate using UNION SELECT grant_option_priv

D : Modify mysql.user directly with injected UPDATE

Answer: D

Question 3

You need to exploit a CSRF in a stock trading platform. The target action is:

The app accepts requests only from Origin: https://trading.local.

Which CSRF payload is most likely to bypass defenses?

Options :

A :

B :

C :

D :

Answer: D

Question 4

During testing, you find a REST endpoint:

GET /api/v1/users/1234/profile

Authenticated as a normal user, you can access your own profile. Changing ID 1234 to 1001 retrieves another user’s data. Which methodology most reliably proves mass exploitation feasibility without detection?

Options :

A : Burp Intruder brute-forcing all IDs with 200 threads.

B : ffuf sequential fuzzing with -t 1 and rate limiting.

C : Using SQLMap to brute-force numeric IDs.

D : Writing a custom Python script with exponential backoff + anomaly detection bypass.

Answer: D

Question 5

You discover a DOM-based AngularJS template injection in a single-page application where user input is embedded in the following context:

The application uses AngularJS 1.6.4 (sandbox still partially intact) and the developer added:

$sceProvider.enabled(false);

Which payload would most reliably break out of the sandbox and execute alert(1337)?

Options :

A : {{constructor.constructor('alert(1337)')()}}

B : {{(a=toString().constructor)('alert(1337)')()}}

C : {{[].map.constructor('alert(1337)')()}}

D : {{[].sort.constructor('alert(1337)')()}}

Answer: C

Higher Test Marks with Free Online OSWA Exam Practice

Buying Options: