🔥 3-day streak
CompTIA PenTest+ (PT0-003)49 / 175
Question 49 of 175
During a web application assessment, you intercept a POST request in Burp Suite and notice a base64-encoded parameter that decodes to a byte stream beginning with the hex signature 'AC ED 00 05'. The application is built on Apache Struts and uses this parameter to store session state. Which attack technique is MOST likely to lead to remote code execution against this endpoint?
Reviewed for accuracy · Report an issueNext question