Question 1

You gain SELECT access via SQLi on MySQL. You want SUPER privileges.

What technique applies?

Options :

A : Exploit INTO OUTFILE to drop reverse shell

B : Abuse SET GLOBAL general_log_file + write webshell

C : Elevate using UNION SELECT grant_option_priv

D : Modify mysql.user directly with injected UPDATE

Answer: D

Question 2

You inject payload:

Which vulnerability chain is demonstrated?

Options :

A : Stored XSS → CSRF with session context

B : SQLi → Privilege escalation

C : CSRF → XSS → DoS

D : IDOR → XSS → CSRF

Answer: A

Question 3

* * * * * tar -czf /root/backup.tar /home/user/*

Which filenames trigger escalation? (Select all that apply)

Options :

A : --checkpoint=1

B : --checkpoint-action=exec=sh shell.sh

C : normal.txt

D : ../../etc/passwd

E : ; bash

Answer: A,B

Question 4

During testing, you find a REST endpoint:

GET /api/v1/users/1234/profile

Authenticated as a normal user, you can access your own profile. Changing ID 1234 to 1001 retrieves another user’s data. Which methodology most reliably proves mass exploitation feasibility without detection?

Options :

A : Burp Intruder brute-forcing all IDs with 200 threads.

B : ffuf sequential fuzzing with -t 1 and rate limiting.

C : Using SQLMap to brute-force numeric IDs.

D : Writing a custom Python script with exponential backoff + anomaly detection bypass.

Answer: D

Question 5

You discover a DOM-based AngularJS template injection in a single-page application where user input is embedded in the following context:

The application uses AngularJS 1.6.4 (sandbox still partially intact) and the developer added:

$sceProvider.enabled(false);

Which payload would most reliably break out of the sandbox and execute alert(1337)?

Options :

A : {{constructor.constructor('alert(1337)')()}}

B : {{(a=toString().constructor)('alert(1337)')()}}

C : {{[].map.constructor('alert(1337)')()}}

D : {{[].sort.constructor('alert(1337)')()}}

Answer: C

Free OSWA Mock Exam – Practice Online Confidently

Buying Options: