Question 1

You want to discover hidden parameters influenced by a CDN.

What is the best initial approach in Burp?

Options :

A : Intruder Sniper with FUZZ in the query string

B : Use Param Miner extension with both “Guess headers” and “Add custom parameter names from traffic” enabled

C : Use Proxy → HTTP history and manually diff responses

D : Use Comparer to compare two baseline responses

Answer: B

Question 2

A WAF blocks single quotes '. Which payload bypasses it to fetch database()?

Options :

A : 0x61646d696e AND database()=0x61646d696e

B : AND database()=HEX('admin')

C : AND database()=0x61646d696e

D : UNION SELECT 0x61646d696e

Answer: C

Question 3

You gain SELECT access via SQLi on MySQL. You want SUPER privileges.

What technique applies?

Options :

A : Exploit INTO OUTFILE to drop reverse shell

B : Abuse SET GLOBAL general_log_file + write webshell

C : Elevate using UNION SELECT grant_option_priv

D : Modify mysql.user directly with injected UPDATE

Answer: D

Question 4

Developer says “we sanitize server output.” You suspect a DOM sink. Which minimal probe best surfaces a client-side sink without server reflection?

Options :

A :

B :

C :

D :

Answer: C

Question 5

You inject payload:

Which vulnerability chain is demonstrated?

Options :

A : Stored XSS → CSRF with session context

B : SQLi → Privilege escalation

C : CSRF → XSS → DoS

D : IDOR → XSS → CSRF

Answer: A

Free OSWA Mock Exam – Practice Online Confidently