Free The SecOps Group Certified-AppSec-Practitioner Exam Questions

Scan the code below and identify the vulnerability which is the most applicable for this scenario. 

Based on the screenshot below, which of the following statements is true?RequestGET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Cookie: JSESSIONID=7576572ce164646de967c759643d53031Te: trailersConnection: keep-alivePrettyRaw | Hex | php | curl | ln | PrettyHTTP/1.1 200 OKDate: Fri, 09 Dec 2022 11:42:27 GMTServer: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25X-Powered-By: PHP/8.0.25Content-Length: 12746Content-Type: text/html; charset=UTF-8Connection: keep-aliveSet-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly

Based on the below request/response, which of the following statements is true?SendGET/dashboard.php?purl=http://attacker.com HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50Te: trailersConnection: keep-alivePrettyRaw | Hex | php | curl | ln | PrettyHTTP/1.1 302 Found 2022-12-03 17:38:18 GMTDate: Sat, 03 Dec 2022 17:38:18 GMTServer: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25X-Powered-By: PHP/8.0.25Content-Length: 0Content-Type: text/html; charset=UTF-8Connection: keep-aliveLocation:http://attacker.comSet-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly

In the context of the Race Condition vulnerability, which of the following statements is true? 

Based on the below request/response, which of the following statements is true?SendGET/dashboard.php?purl=http://attacker.com HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50Te: trailersConnection: keep-alivePrettyRaw | Hex | php | curl | ln | PrettyHTTP/1.1 302 Found 2022-12-03 17:38:18 GMTDate: Sat, 03 Dec 2022 17:38:18 GMTServer: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25X-Powered-By: PHP/8.0.25Content-Length: 0Content-Type: text/html; charset=UTF-8Connection: keep-aliveLocation:http://attacker.comSet-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly