EC-Council
312-50V10 Question #29: Real Exam Question with Answer & Explanation
The correct answer is C. Cross-Site Request Forgery (CSRF).
Hacking Web Applications
Question
Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?
Options
- A. Command Injection Attacks
- B. File Injection Attack
- C. Cross-Site Request Forgery (CSRF)
- D. Hidden Field Manipulation Attack
Explanation
Cross-Site Request Forgery (CSRF) exploits the trust a web application has in an authenticated user's browser by tricking it into sending unauthorized requests on the user's behalf.
Common mistakes.
- A. Command Injection attacks target server-side input fields to execute operating system commands on the server itself and do not involve forging requests through a victim's browser.
- B. File Injection attacks involve inserting or including malicious files into a web application's file handling routines and are not concerned with forcing a browser to send unintended requests.
- D. Hidden Field Manipulation involves tampering with hidden HTML form values to alter submitted data, which requires the attacker to directly modify a request rather than tricking a victim's browser into sending one.
Concept tested. Cross-Site Request Forgery (CSRF) attack mechanism
Reference. https://owasp.org/www-community/attacks/csrf
Topics
#CSRF, #cross-site request forgery, #web vulnerabilities, #session