nerdexam
EC-Council

312-50V10 · Question #329

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the ap

The correct answer is C. Cross-site scripting. Injecting a client-side script tag into a web form input field that then executes in the browser is a textbook cross-site scripting (XSS) vulnerability.

Hacking Web Applications

Question

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox ("Vulnerable");>" When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web applications vulnerability did the analyst discover?

Options

  • ACross-site request forgery
  • BCommand injection
  • CCross-site scripting
  • DSQL injection

How the community answered

(30 responses)
  • A
    10% (3)
  • B
    3% (1)
  • C
    83% (25)
  • D
    3% (1)

Why each option

Injecting a client-side script tag into a web form input field that then executes in the browser is a textbook cross-site scripting (XSS) vulnerability.

ACross-site request forgery

Cross-site request forgery (CSRF) tricks an authenticated user's browser into sending unintended requests to a trusted site - it does not involve injecting scripts into input fields.

BCommand injection

Command injection targets server-side operating system commands via vulnerable application calls, not client-side browser script execution triggered by rendered HTML.

CCross-site scriptingCorrect

The analyst injected a VBScript-bearing IMG tag into the search input, and the application reflected it back to the browser without sanitization, causing the script to execute and display a pop-up. This is reflected XSS - unsanitized user input is echoed into the page response and interpreted as executable code by the browser. The ASP/MSSQL stack has no bearing on the client-side script injection mechanism itself.

DSQL injection

SQL injection manipulates the backend database query through input fields - the payload here contains no SQL syntax and the vulnerability manifests in the browser, not the database.

Concept tested: Cross-site scripting (XSS) identification via script injection

Source: https://owasp.org/www-community/attacks/xss/

Topics

#cross-site scripting#XSS#ASP#web application security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice