nerdexam
EC-Council

312-50V11 · Question #697

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

The correct answer is A. Cross-site-scripting attack. Cross-site scripting (XSS) is the attack that exploits websites which reflect unsanitized user-supplied data back to browsers, enabling malicious script execution.

Hacking Web Applications

Question

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

Options

  • ACross-site-scripting attack
  • BSQL Injection
  • CURL Traversal attack
  • DBuffer Overflow attack

How the community answered

(36 responses)
  • A
    86% (31)
  • B
    8% (3)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Cross-site scripting (XSS) is the attack that exploits websites which reflect unsanitized user-supplied data back to browsers, enabling malicious script execution.

ACross-site-scripting attackCorrect

Cross-site scripting (XSS) occurs when a web application includes unvalidated and unencoded user input in its output, causing browsers to execute injected malicious scripts in the context of the victim's session. The attack directly leverages the website's failure to sanitize displayed user-provided data, allowing attackers to steal cookies, hijack sessions, or redirect users. XSS is classified as reflected, stored, or DOM-based depending on how the payload is delivered and persisted.

BSQL Injection

SQL injection targets the backend database by inserting malicious SQL statements into input fields, not by exploiting unsanitized data rendered in the browser.

CURL Traversal attack

URL traversal (path traversal) attacks manipulate file path references in requests to access restricted server-side directories, not content displayed within a web page.

DBuffer Overflow attack

Buffer overflow attacks exploit memory management by writing more data than a buffer can hold, causing crashes or arbitrary code execution at the OS or application level rather than through web page display.

Concept tested: Cross-site scripting XSS attack mechanism

Source: https://owasp.org/www-community/attacks/xss/

Topics

#cross-site scripting#XSS#input sanitization#web application vulnerability

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice