What type of attack involves an attacker accessing files in directories other than the root directory1. sql injection2. command injection3. xml injection4. directory traversal

SQL injection is a hacking technique used to attack SQL (Structured Query Language) database, in which malicious SQL statements are inserted into an entry field in other to gain access to unauthorized information or make alteration to important data, thus option 1 is not the answer

Command injection is an attack in which an hacker execute arbitrary commands on a server, thus option 2 is wrong.

XML injection is an attack in which the hacker seek to inject xml tags and data into a database so as to exploit the logic of the application, option 3 is also wrong.

Directory traversal also known Path Traversal is a web attack in which the attacker access files in directories other than the root directory. thus option 4 is correct.

mahamnasir mahamnasir · Answer 2 · 2020-01-18T12:17:00+01:00

Answer:

Directory traversal

Explanation:

Directory traversal a HTTP attack which allows that helps an intruder to access arbitrary files on the server running an application or access restricted directories and run commands outside of the root directory. This attack is aimed at using an infected program to obtain unauthorized access to the filesystem. This attack makes use of flaw in the security instead of leveraging the flaw in the application. Through directory traversal, an attacker is able to attack data, program, sensitive OS files, by writing to files on the server or modifying application data, consequently, taking control of the server.