EC-Council
312-50V10 Question #7: Real Exam Question with Answer & Explanation
The correct answer is A: Cross-site request forgery.
Hacking Web Applications
Question
What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?
Options
- A. Cross-site request forgery
- B. Cross-site scripting
- C. Session hijacking
- D. Server-side request forgery
Explanation
Cross-site request forgery (CSRF) tricks an authenticated user's browser into sending a request the user never intended, typically by having a page under the attacker's control auto-submit a form or load a URL pointing at the target site. Because the browser attaches the victim's session cookie to that request automatically, the server cannot tell a forged request from a legitimate one and acts on it. The attacker never sees the response; the damage is the state change the request performs (a transfer, a password or e-mail change, a privilege grant). The defence is to require something the attacker's page cannot supply or guess: a per-session anti-CSRF token carried in the request rather than in a cookie, a check of the Origin or Referer header, and a session cookie marked SameSite so the browser withholds it on cross-site requests.
Common mistakes.
- B. Cross-site scripting (XSS) injects attacker-controlled script into a page served by the target site so that it runs in other users' browsers within that site's origin. It is a client-side injection flaw. An XSS payload can be used to issue authenticated requests, but the question describes a request forged from outside the site without any script running in the target's origin, which is CSRF, not XSS.
- C. Session hijacking involves stealing or intercepting an active session token so the attacker can impersonate the user directly, rather than forcing the victim's own browser to send the request.
- D. Server-side request forgery (SSRF) causes the server itself to make requests to internal or external resources on the attacker's behalf, not the user's browser.
Concept tested. Cross-site request forgery (CSRF) attack mechanism
Reference. https://owasp.org/www-community/attacks/csrf
Topics
#CSRF #authenticated-request-forgery #browser-exploitation #web-application-attacks