CEH v13 Domain 5.2 Practice Test 003

This practice test covers Domain 5 (Web Application Hacking) Subdomain 2 (Hacking Web Applications) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link

CEH v13 Domain 5.2 Practice Test 003

10 questions • 8 single-answer, 2 multi-select

Question 1

Clark, a black-hat attacker targeting an enterprise banking web portal, intercepts an HTTP POST request during the login process and modifies the hidden form field value 'isAdmin=false' to 'isAdmin=true' before forwarding the request to the server. The application trusts the client-supplied value and elevates Clark's session privileges to administrator without any server-side validation. Which web application attack technique is Clark exploiting?

A. Parameter Tampering B. SQL Injection C. Cross-Site Request Forgery D. Clickjacking

Question 2

A penetration tester assessing an enterprise HR web application discovers that changing the numeric 'userId' parameter in the URL from his own ID (1042) to a colleague's ID (1041) grants him full access to that user's confidential salary records and performance reviews. The application performs no server-side authorization check to verify whether the requestor is entitled to the requested resource. Which web application vulnerability is being exploited?

A. Cross-Site Request Forgery B. Insecure Direct Object Reference C. Open Redirect D. Session Fixation

Question 3

Jane, a penetration tester auditing an online shopping platform, discovers that the only input validation for a coupon code field is implemented in client-side JavaScript. She disables JavaScript in her browser, submits an arbitrarily crafted coupon value of '-$500', and the server processes the request and applies a large negative discount to her total order. Which web application weakness did Jane exploit?

A. SQL Injection B. Client-Side Validation Bypass C. LDAP Injection D. Stored XSS

Question 4

Elijah, an attacker targeting a cloud-hosted travel booking application, sends a pre-generated session ID embedded in a crafted URL to a victim and waits for the victim to authenticate using that link. Once the victim logs in, the application fails to regenerate the session ID post-authentication, and Elijah uses the known session ID to access the now-authenticated session without ever needing the victim's credentials. Which session management attack has Elijah performed?

A. Session Sniffing B. Session Fixation C. Cross-Site Request Forgery D. Cookie Poisoning

Question 5

A security team conducting a web application assessment injects a script tag containing a JavaScript alert function into a product search field and submits the request to the application. The application immediately reflects the unsanitized input back in the HTML response, and the malicious script executes in the browser of any user who follows the crafted search URL. Which cross-site scripting attack type does this scenario represent?

A. Stored XSS B. Reflected XSS C. DOM-Based XSS D. LDAP Injection

Question 6

Select all that apply

A penetration tester hired to assess a retail web application uses Burp Suite's Spider module to crawl all accessible URLs and map directory structure, then uses Google dorks with 'site:target.com filetype:php' to identify publicly indexed endpoints not discovered through crawling. She also runs Nikto to identify known vulnerable paths, outdated frameworks, and exposed administrative interfaces on the web server. Which two activities from the web application hacking methodology are being performed? (Choose two)

A. Footprint Web Infrastructure B. Analyze Web Applications C. Attack Authentication Mechanism D. Attack Session Management Mechanism E. Attack Database Connectivity

Question 7

Clark, a security researcher assessing an airline ticket booking web application, discovers that the application does not re-validate the ticket price between when it is added to the cart and when the purchase is finalized. He intercepts the checkout request with Burp Suite, changes the price parameter from $850 to $1, and the server processes the transaction and issues a valid booking confirmation at the manipulated price. Which web application attack category does this demonstrate?

A. SQL Injection B. Application Logic Flaw C. Cross-Site Request Forgery D. Open Redirect

Question 8

A security analyst reviewing findings from a web services assessment notes that an attacker submitted a crafted SOAP envelope containing unescaped XML special characters that broke the application's XML parser and caused the service to return verbose error messages disclosing database table and column names. The attacker then used the disclosed schema information to craft further queries against the back-end database through the same SOAP interface. Which attack technique is being described?

A. SQL Injection B. XML Injection C. JSON Hijacking D. LDAP Injection

Question 9

Select all that apply

During a web application penetration test against a financial institution's customer portal, the security team identifies two distinct client-side attack conditions: in the first, injected JavaScript from a vulnerable advertisement widget reads the victim's session cookie and exfiltrates it because the cookie lacks the HttpOnly attribute; in the second, a crafted phishing link causes an authenticated user's browser to silently submit a fund transfer that the application processes because it does not validate anti-CSRF tokens. Which two attack techniques are represented? (Choose two)

A. Clickjacking B. Cross-Site Scripting (XSS) C. Cross-Site Request Forgery (CSRF) D. Open Redirect E. Session Fixation

Question 10

Elijah, an attacker who obtained limited write access to an enterprise web server's document upload module, exploits an unrestricted file upload vulnerability to upload a PHP file named 'update.php' to a publicly accessible directory. He then browses directly to the file's URL and gains the ability to execute arbitrary operating system commands on the underlying server through the browser interface. Which technique has Elijah deployed?

A. Remote File Inclusion B. Web Shell C. SQL Injection D. Cross-Site Request Forgery

Related Posts

Leave a Comment Cancel Reply