Question 1

During testing, you find a REST endpoint:

GET /api/v1/users/1234/profile

Authenticated as a normal user, you can access your own profile. Changing ID 1234 to 1001 retrieves another user’s data. Which methodology most reliably proves mass exploitation feasibility without detection?

Options :

A : Burp Intruder brute-forcing all IDs with 200 threads.

B : ffuf sequential fuzzing with -t 1 and rate limiting.

C : Using SQLMap to brute-force numeric IDs.

D : Writing a custom Python script with exponential backoff + anomaly detection bypass.

Answer: D

Question 2

* * * * * tar -czf /root/backup.tar /home/user/*

Which filenames trigger escalation? (Select all that apply)

Options :

A : --checkpoint=1

B : --checkpoint-action=exec=sh shell.sh

C : normal.txt

D : ../../etc/passwd

E : ; bash

Answer: A,B

Question 3

What’s the most reliable exploit?

Options :

A :

B :

C :

D :

Answer: D

Question 4

A WAF blocks single quotes '. Which payload bypasses it to fetch database()?

Options :

A : 0x61646d696e AND database()=0x61646d696e

B : AND database()=HEX('admin')

C : AND database()=0x61646d696e

D : UNION SELECT 0x61646d696e

Answer: C

Question 5

You inject payload:

Which vulnerability chain is demonstrated?

Options :

A : Stored XSS → CSRF with session context

B : SQLi → Privilege escalation

C : CSRF → XSS → DoS

D : IDOR → XSS → CSRF

Answer: A