312-50V10 · Question #13
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
The correct answer is B. Cross-Site Scripting (XSS). Identifies the web attack where malicious client-side scripts are injected into dynamically generated pages and executed in other users' browsers.
Question
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
Options
- ASQL injection attack
- BCross-Site Scripting (XSS)
- CLDAP Injection attack
- DCross-Site Request Forgery (CSRF)
How the community answered
(59 responses)- A2% (1)
- B92% (54)
- C2% (1)
- D5% (3)
Why each option
Identifies the web attack where malicious client-side scripts are injected into dynamically generated pages and executed in other users' browsers.
SQL injection manipulates backend database queries through unsanitized input fields and does not involve injecting scripts into pages seen by other users.
Cross-Site Scripting (XSS) occurs when an application includes untrusted user-supplied data in its HTML output without proper validation or output encoding, causing the browser to execute attacker-injected scripts. The injected script runs in the security context of the vulnerable site, allowing the attacker to steal session tokens, deface pages, or redirect victims. XSS is unique in that the payload targets other users who view the compromised page, not the server directly.
LDAP injection exploits improperly sanitized LDAP query construction to manipulate directory service lookups, not to deliver client-side scripts to browsers.
Cross-Site Request Forgery (CSRF) tricks an already-authenticated user into submitting an unintended request, but it does not inject scripts into web pages viewed by third parties.
Concept tested: Cross-Site Scripting XSS attack identification
Source: https://owasp.org/www-community/attacks/xss/
Topics
Community Discussion
No community discussion yet for this question.