Q: 7
[Handling and Responding to Web Application Attacks]
Oscar receives an email from an unknown source containing his domain name oscar.com. Upon
checking the link, he finds that it contains a malicious URL that redirects to the website evilsite.org.
What type of vulnerability is this?
Options
Discussion
Option C makes more sense here. The key part is the malicious URL redirecting to evilsite.org, which fits unvalidated redirects and forwards from OWASP. D (SQL injection) would need details about database queries, but nothing in the scenario suggests that. Easy to mix up if you just see "malicious URL" though! Pretty sure it's C, open to discussion if I'm missing something.
C. Practice questions and the official ECC guide both match this scenario for unvalidated redirects.
Makes sense to pick C for this one.
Hard to say, C, saw a similar question in exam reports. Matches the scenario with redirects. Not totally sure, but C seems right here.
My vote is C since both the ECC official guide and lab exercises use very similar redirect scenarios for unvalidated redirects and forwards. Not a perfect match to malware or SQL injection. I think C lines up best, but open if someone can counter!
Malware looks right to me. A
C, because the main issue is the redirect to a malicious domain, which matches 'unvalidated redirects and forwards' from OWASP. There's nothing in the scenario about database access or SQL queries, so D doesn't fit here. Pretty sure C is the one, unless I'm missing some hidden detail.
Hate how they throw in weird names like "Bolen" just to trip you up. C
I was thinking A here just because it mentions a malicious URL.
A not C