OSCP Web Application Attacks

Question 1

What type of SQL injection allows an attacker to retrieve data by asking the database true/false questions?

Accepted Answer

Boolean-based blind SQL injection

Answer

Union-based SQL injection

Answer

Error-based SQL injection

Answer

Out-of-band SQL injection

Question 2

Which SQLmap flag is used to attempt to read files from the target server's filesystem?

Accepted Answer

--file-read

Answer

--dump

Answer

--os-shell

Answer

--sql-query

Question 3

What is a Local File Inclusion (LFI) vulnerability in web applications?

Accepted Answer

An application that allows reading local server files by manipulating file path parameters

Answer

Including remote malicious scripts via JavaScript

Answer

A CSS injection via local style sheets

Answer

SQL injection that reads local database files

Question 4

What is the purpose of using Burp Suite's Intruder module during OSCP web application testing?

Accepted Answer

Automated attacks like brute-forcing, fuzzing, and parameter manipulation

Answer

Passive scanning of web traffic only

Answer

Decrypting SSL/TLS traffic

Answer

Managing cookies across browser sessions

Question 5

Which HTTP method, if enabled on a web server, can allow an attacker to upload malicious files?

Accepted Answer

PUT

Answer

GET

Answer

OPTIONS

Answer

TRACE

Question 6

What vulnerability exists when a web application passes user-supplied input directly to a system shell command?

Accepted Answer

OS Command Injection

Answer

Cross-Site Scripting (XSS)

Answer

Server-Side Request Forgery (SSRF)

Answer

XML External Entity (XXE) Injection