Comprehensive and Detailed Explanation:
The attack shown is a Directory Traversal (path traversal) attack. It uses URL percent-encoding (the "hexadecimal obfuscation" in the question) so that an input filter looking for the literal ../ sequence never sees it, while the server, after decoding, still walks out of the web root and reads unauthorized files such as /etc/passwd.
%2e = . (dot)
%2f = / (forward slash)
So, ../../../etc/passwd becomes %2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64. Note that every byte is encoded here, including the letters of etc/passwd, so a filter that matches on the plain strings ".." or "/etc/passwd" before decoding matches nothing.
The best protection against this attack is to:
Normalize user input on the server: decode it exactly once and canonicalize the resulting path before any check is applied, so the filter and the file system see the same string.
Deny directory traversal patterns, whether encoded or not, and verify that the final resolved path still lies inside the directory the application is allowed to serve; this containment check is what holds even when a new encoding trick appears.
Specifically reject hex-encoded path characters (%2e, %2f, %5c, etc.) and any input that still contains a % sequence after the single decode pass, since double encoding (%252e for %2e) is the usual way around a filter that decodes only once.
Option A directly mitigates this by stopping the server from decoding hex-encoded directory traversal sequences and then acting on them as path components.
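The following is an added example, not taken from the CEH courseware or the question: it contrasts a naive resolver that decodes and joins the request path with a hardened one that decodes once, rejects anything still encoded, canonicalizes, and checks containment in the web root. WEB_ROOT and the request paths are constructed sample values; posixpath is used so the string handling is identical on any platform (a real server would additionally resolve symlinks with os.path.realpath).

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed sample value: the only directory the application may serve from.
WEB_ROOT = "/var/www/html"

# Constructed request paths, including the hex-encoded traversal from the question
# and a double-encoded variant that a single decode pass does not fully unwrap.
SAMPLE_PATHS = [
    "images/logo.png",
    "../../../etc/passwd",
    "%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64",
    "%252e%252e%252fetc%252fpasswd",
    "images/%2e%2e/%2e%2e/etc/passwd",
    "/etc/passwd",
]


def decode_request_path(user_path: str) -> str:
    """One percent-decoding pass: %2e -> '.', %2f -> '/', %65 -> 'e', and so on."""
    return unquote(user_path)


def vulnerable_resolve(user_path: str) -> str:
    """Naive server: decodes, joins onto the web root, and trusts the result.

    The hex-encoded payload decodes to ../../../etc/passwd and normpath
    happily walks out of WEB_ROOT.
    """
    return posixpath.normpath(posixpath.join(WEB_ROOT, decode_request_path(user_path)))


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened server: decode once, reject leftovers, canonicalize, check containment.

    Returns the canonical path inside WEB_ROOT, or None if the request must be refused.
    """
    decoded = decode_request_path(user_path)

    # Anything still percent-encoded after one pass is double encoding; NUL bytes
    # are never legitimate in a file name. Refuse both outright.
    if "%" in decoded or "\x00" in decoded:
        return None

    # Reject the traversal pattern itself, whether it arrived encoded or plain.
    if ".." in decoded.split("/") or "\\" in decoded:
        return None

    # Canonicalize and confirm the result is WEB_ROOT or a descendant of it.
    # posixpath.join discards WEB_ROOT when decoded is absolute (e.g. /etc/passwd),
    # so the containment check is what catches that case.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path!r:60} naive -> {vulnerable_resolve(path)!r:40} safe -> {safe_resolve(path)!r}")
```

Run it as a script to see each sample path resolved both ways; the naive resolver returns /etc/passwd for both the plain and the hex-encoded traversal, while the hardened resolver returns None for every traversal attempt and a path under WEB_ROOT only for the legitimate request.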
From CEH v13 Courseware:
Module 10: Web Application Hacking
Topic: Directory Traversal and Input Validation
Incorrect Options:
B: An IDS can alert on the traversal signature, but it is detective and reactive rather than preventive; the request still reaches the server.
C: SSL/TLS encrypts the transport but does nothing about the path the server resolves; an encoded traversal arrives intact inside the encrypted session.
D: Active script detection targets client-side script content and is unrelated to how the server decodes and resolves file paths.
[Reference: CEH v13 Study Guide, Module 10: Directory Traversal Mitigation; OWASP Top 10 (2017), A5: Broken Access Control (Directory Traversal); RFC 3986, URI Generic Syntax (percent-encoding)]