nerdexam
EC-Council

312-50V11 · Question #161

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to

The correct answer is A. Cross-Site Request Forgery. Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Different HTT

Hacking Web Applications

Question

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database. style=""display:none""></iframe> What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Options

  • ACross-Site Request Forgery
  • BSQL Injection
  • CBrowser Hacking
  • DCross-Site Scripting

How the community answered

(19 responses)
  • A
    68% (13)
  • B
    5% (1)
  • C
    21% (4)
  • D
    5% (1)

Explanation

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Different HTTP request methods, such as GET and POST, have different level of susceptibility to CSRF attacks and require different levels of protection due to their different handling by web https://en.wikipedia.org/wiki/Cross-site_request_forgery

Topics

#CSRF#iframe injection#HTTP POST#web attacks

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice