312-50V11 · Question #697
This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?
The correct answer is A. Cross-site-scripting attack. Cross-site scripting (XSS) is the attack that exploits websites which reflect unsanitized user-supplied data back to browsers, enabling malicious script execution.
Question
This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?
Options
- ACross-site-scripting attack
- BSQL Injection
- CURL Traversal attack
- DBuffer Overflow attack
How the community answered
(36 responses)- A86% (31)
- B8% (3)
- C3% (1)
- D3% (1)
Why each option
Cross-site scripting (XSS) is the attack that exploits websites which reflect unsanitized user-supplied data back to browsers, enabling malicious script execution.
Cross-site scripting (XSS) occurs when a web application includes unvalidated and unencoded user input in its output, causing browsers to execute injected malicious scripts in the context of the victim's session. The attack directly leverages the website's failure to sanitize displayed user-provided data, allowing attackers to steal cookies, hijack sessions, or redirect users. XSS is classified as reflected, stored, or DOM-based depending on how the payload is delivered and persisted.
SQL injection targets the backend database by inserting malicious SQL statements into input fields, not by exploiting unsanitized data rendered in the browser.
URL traversal (path traversal) attacks manipulate file path references in requests to access restricted server-side directories, not content displayed within a web page.
Buffer overflow attacks exploit memory management by writing more data than a buffer can hold, causing crashes or arbitrary code execution at the OS or application level rather than through web page display.
Concept tested: Cross-site scripting XSS attack mechanism
Source: https://owasp.org/www-community/attacks/xss/
Topics
Community Discussion
No community discussion yet for this question.