
1 Which of the following will extract the TLD (top level domain) of ".net" from the string?

2 Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

3 Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>

Which of the following values of $_GET['url'] would cause session fixation?

Session Fixation is not possible with this code snippet
http://http://phpqa.blogspot.com//?PHPSESSID=123
PHPSESSID%611243
Set-Cookie%3A+PHPSESSID%611234
http://phpqa.blogspot.com/%2F%0D%0ASet-Cookie%3A+PHPSESSID%611234

4 Which of the following are not true about streams?

They are always seekable
When used properly they significantly reduce memory consumption
They can be applied to any data source
They are always bi-directional
They can be filtered

5 When using a function such as strip_tags, are markup-based attacks still possible?
No, HTML does not pose any security risks
Yes, even a <p> HTML tag is a security risk
Yes, attributes of allowed tags are ignored
No, strip_tags will prevent any markup-based attack


Please answer through the comments; I will publish them on the blog.
