Increase your chances of passing the OffSec OSWA exam on your first try. Practice with our free online OSWA mock exam, designed to help you prepare effectively and confidently.
A healthcare portal blocks standard CSRF
You discover a DOM-based AngularJS template injection in a single-page application where user input is embedded in the following context:

The application uses AngularJS 1.6.4 (sandbox still partially intact) and the developer added:
$sceProvider.enabled(false);
Which payload would most reliably break out of the sandbox and execute alert(1337)?
You want to enumerate hidden admin panels on https://corp.example/ while avoiding common noise. Requirements:
Ignore responses with status codes 302 and 403.
Match only responses containing “Admin” or “Control Panel” (case-insensitive).
Randomize User-Agent each request from ua.txt.
Throttle requests to bypass rate-limiting.
Which ffuf command lines satisfy all requirements? (Select all that apply)
An image thumbnailer service accepts a URL and fetches the image server-side. The server runs inside AWS. You can supply gopher:// URIs.
Which chain most likely yields temporary AWS credentials that let you enumerate S3 buckets in the same account?
© Copyrights FreeMockExams 2026. All Rights Reserved