nerdexam
EC-Council

312-50V10 · Question #13

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

The correct answer is B. Cross-Site Scripting (XSS). Identifies the web attack where malicious client-side scripts are injected into dynamically generated pages and executed in other users' browsers.

Hacking Web Applications

Question

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Options

  • ASQL injection attack
  • BCross-Site Scripting (XSS)
  • CLDAP Injection attack
  • DCross-Site Request Forgery (CSRF)

How the community answered

(59 responses)
  • A
    2% (1)
  • B
    92% (54)
  • C
    2% (1)
  • D
    5% (3)

Why each option

Identifies the web attack where malicious client-side scripts are injected into dynamically generated pages and executed in other users' browsers.

ASQL injection attack

SQL injection manipulates backend database queries through unsanitized input fields and does not involve injecting scripts into pages seen by other users.

BCross-Site Scripting (XSS)Correct

Cross-Site Scripting (XSS) occurs when an application includes untrusted user-supplied data in its HTML output without proper validation or output encoding, causing the browser to execute attacker-injected scripts. The injected script runs in the security context of the vulnerable site, allowing the attacker to steal session tokens, deface pages, or redirect victims. XSS is unique in that the payload targets other users who view the compromised page, not the server directly.

CLDAP Injection attack

LDAP injection exploits improperly sanitized LDAP query construction to manipulate directory service lookups, not to deliver client-side scripts to browsers.

DCross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) tricks an already-authenticated user into submitting an unintended request, but it does not inject scripts into web pages viewed by third parties.

Concept tested: Cross-Site Scripting XSS attack identification

Source: https://owasp.org/www-community/attacks/xss/

Topics

#XSS#cross-site scripting#client-side injection#dynamic web pages

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice