The SecOps Group Related Exams
CAP Exam

The DNS entries for and both point to the same IP address i.e., 1.3.3.7. How does the web server know which web application is being requested by the end user's browser?

Null Byte Injection is an active exploitation technique used to bypass sanity-checking filters in web applications by adding a URL-encoded null byte character to the user-supplied data. Which of the following is a URL-encoded representation of a null byte?

An application’s forgot password functionality is described below:
The user enters their email address and receives a message on the web page:
“If the email exists, we will email you a link to reset the password”
The user also receives an email saying:
“Please use the link below to create a new password:”
(Note that the developer has included a one-time random token with the ‘userId’ parameter in the link.) So, the link looks like:
&token=70e7803e-bf53-45e1-8a3f-fb15da7de3a0
Will this mechanism prevent an attacker from resetting arbitrary users’ passwords?