🔥 3-day streak
CompTIA PenTest+ (PT0-003)18 / 175
Question 18 of 175

During a web application assessment, you find a network diagnostic feature that pings a user-supplied hostname. When you submit '127.0.0.1; whoami' the page returns only the normal ping output with no visible command result, and time-based payloads like '127.0.0.1 && sleep 10' produce no observable delay. You suspect command injection but cannot see any output. Which technique is MOST likely to confirm the vulnerability?

Reviewed for accuracy · Report an issueNext question