to determine whether the parameter is also vulnerable to reflected cross-site scripting"},{"@type":"Answer","text":"Submit ' OR '1'='1 to check whether the template engine passes input directly into a backend SQL query"}]}]}
🔥 3-day streak
CompTIA PenTest+ (PT0-003)125 / 175
Question 125 of 175

During a web application assessment, a penetration tester notices that a 'greeting name' parameter is reflected directly in a rendered page. To test for server-side template injection, the tester submits the payload {{7*7}} and the response body displays '49'. Which follow-up action best confirms the vulnerability can be leveraged for remote code execution on the Flask/Jinja2 backend?

Reviewed for accuracy · Report an issueNext question