nerdexam
EC-Council

312-50V10 · Question #697

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

The correct answer is A. Cross-site-scripting attack. Cross-site scripting (XSS) is the attack where a website reflects un-sanitized user input back to browsers, enabling malicious script execution in victims' sessions. It exploits a site's failure to validate or encode user-provided output.

Hacking Web Applications

Question

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

Options

  • ACross-site-scripting attack
  • BSQL Injection
  • CURL Traversal attack
  • DBuffer Overflow attack

How the community answered

(36 responses)
  • A
    94% (34)
  • B
    3% (1)
  • C
    3% (1)

Why each option

Cross-site scripting (XSS) is the attack where a website reflects un-sanitized user input back to browsers, enabling malicious script execution in victims' sessions. It exploits a site's failure to validate or encode user-provided output.

ACross-site-scripting attackCorrect

XSS occurs when a web application includes unvalidated, un-sanitized user-supplied data in its HTML output, allowing attackers to inject client-side scripts that execute in other users' browsers. The attack leverages the browser's trust in content served from the legitimate site, enabling session hijacking, credential theft, or malicious redirects. The key indicator in this question is 'un-sanitized user-provided data displayed by the site,' which is the precise definition of reflected XSS.

BSQL Injection

SQL Injection targets back-end database queries by injecting malicious SQL syntax, not client-side script execution through unsanitized web page content.

CURL Traversal attack

URL traversal (path traversal) attacks manipulate file paths in URLs to access unauthorized server-side files, which is unrelated to injecting scripts into displayed content.

DBuffer Overflow attack

Buffer overflow attacks exploit memory management flaws in compiled applications to overwrite memory, which is unrelated to web content rendering or user-supplied HTML output.

Concept tested: Cross-site scripting (XSS) via unsanitized user input

Source: https://owasp.org/www-community/attacks/xss/

Topics

#cross-site scripting#input sanitization#web vulnerabilities#XSS

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice