EC-Council

312-50V11 Question #29: Real Exam Question with Answer & Explanation

The correct answer is C: Cross-Site Request Forgery (CSRF).

Hacking Web Applications

Question

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?

Options

  • A. Command Injection Attacks
  • B. File Injection Attack
  • C. Cross-Site Request Forgery (CSRF)
  • D. Hidden Field Manipulation Attack

Explanation

Cross-Site Request Forgery (CSRF) tricks an authenticated user's browser into sending unauthorized, state-changing requests to a site the user is logged in to. Because the browser automatically attaches that site's session cookies to the forged request, the server accepts it as a legitimate action by the user, and the victim performs actions they never intended.

Common mistakes.

  • A. Command injection attacks insert operating system commands into vulnerable input fields to execute them on the server, which does not involve forging requests from a victim's browser.
  • B. File injection attacks exploit insecure file inclusion or upload functionality to execute malicious files server-side, not to forge browser-based requests from victims.
  • D. Hidden field manipulation involves an attacker directly modifying hidden HTML form values before submission, which is a client-side tampering attack and does not force an unsuspecting third-party user's browser to send requests.

Concept tested. Cross-Site Request Forgery attack mechanism

Reference. https://owasp.org/www-community/attacks/csrf

Topics

#CSRF · #cross-site request forgery · #web vulnerabilities · #browser-based attack

