In one of Dion Training’s practice exams for CompTIA CySA+ CS0-003, the question has an example URL:
https://www.diontraining.com/add_to_cart.php?itemId=5"+perItemPrice="0.00"+quantity="100"+/>
My question is, is XML injection as common as Cross-Site Scripting (XSS) injection in URLs? I know a lot about SQL and XSS injection, but since I’m renewing my CompTIA CySA+ certification, which expires August 23, 2025, I’ve never seen XML injection in a URL before. I chose SQL injection because XSS injection is not in one of the answers, but when I see the /> at the end, it seems like I should have chosen XML injection in one of the answers…
XML injection is less common than XSS or SQL injection, but if a URL includes XML-like syntax (e.g., attr="value" and />), it’s likely XML injection. In your example, XML injection is the correct answer.
1 Like
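What the URL from the question does to a server that pastes itemId into XML by string concatenation, next to a version that validates the value and lets the XML library do the quoting. This is an added example, not part of the thread or of Dion Training's material; the `<cart>`/`<item>` template, the 19.99 default price and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# The URL quoted in the question; '+' decodes to a space in a query string.
URL = ('https://www.diontraining.com/add_to_cart.php'
       '?itemId=5"+perItemPrice="0.00"+quantity="100"+/>')

def item_id_from(url):
    """Return the decoded itemId parameter exactly as the server would see it."""
    return parse_qs(urlsplit(url).query)["itemId"][0]

def build_cart_vulnerable(item_id):
    # Hypothetical template: the value is pasted into the markup unescaped, so a
    # '"' ends the id attribute and '/>' closes the element early.
    return f'<cart><item id="{item_id}" perItemPrice="19.99" quantity="1" /></cart>'

def build_cart_escaped(item_id):
    # The XML library escapes '"', '<', '>' and '&', so the value stays one attribute.
    cart = ET.Element("cart")
    ET.SubElement(cart, "item", id=item_id, perItemPrice="19.99", quantity="1")
    return ET.tostring(cart, encoding="unicode")

def build_cart_hardened(item_id):
    # Allow-list the expected format first, then serialize through the library.
    if not re.fullmatch(r"[0-9]{1,10}", item_id):
        raise ValueError("itemId must be numeric")
    return build_cart_escaped(item_id)

def priced_item(xml_text):
    """Parse the cart and return (id, perItemPrice, quantity) of the first item."""
    item = ET.fromstring(xml_text).find("item")
    return item.get("id"), item.get("perItemPrice"), item.get("quantity")

if __name__ == "__main__":
    raw = item_id_from(URL)
    print("decoded itemId :", raw)
    print("vulnerable     :", priced_item(build_cart_vulnerable(raw)))
    print("escaped only   :", priced_item(build_cart_escaped(raw)))
    try:
        build_cart_hardened(raw)
    except ValueError as exc:
        print("hardened       : rejected,", exc)
```

In the vulnerable build the leftover `" perItemPrice="19.99" quantity="1" />` becomes plain text inside `<cart>`, so the document still parses and the injected price and quantity are the ones the parser reports.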
Thank you very much. I would never have expected to see something like this in the practice exam, less likely in an actual exam.
And speaking of Dion Training (this is unrelated to XML injection through URL), I came across some words that I did not recognize, such as “cocurrence” (it means “agreement” according to some searching online) and “deperimeterization.” That “deperimeterization” is a hard word to say at first. It seems logic dictates that if I do not recognize the words in one of the answers, I’m more likely to get the questions wrong. It’s as though the correct answers are the ones that have unrecognizable words. I never experienced that in Exam Cram practice exams and in the actual exam 3 years ago! (sigh) 