
312-50V12 Question #47: Real Exam Question with Answer & Explanation

The correct answer is A: This php file silently executes the code and grabs the user's session cookie and session ID. This question describes a Cross-Site Scripting (XSS) attack where malicious PHP/JavaScript code is embedded behind images in a forum to steal session data from users who click on them.

Submitted by paula_co · Mar 4, 2026 · Web Application Hacking

Question

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: What issue occurred for the users who clicked on the image?

Options

  • A. This php file silently executes the code and grabs the user's session cookie and session ID.
  • B. The code redirects the user to another site.
  • C. The code injects a new cookie to the browser.
  • D. The code is a virus that is attempting to gather the user's username and password.

Explanation

This question describes a Cross-Site Scripting (XSS) attack where malicious PHP/JavaScript code is embedded behind images in a forum to steal session data from users who click on them.

Common mistakes.

  • B. While some XSS payloads can redirect users, the scenario specifically describes code hidden behind images designed to steal session data, not perform a redirect, and no window.location or redirect logic is indicated.
  • C. The attack is focused on reading and stealing existing session cookies rather than injecting new cookies into the browser; cookie injection is a different attack vector not described here.
  • D. This is not a virus targeting usernames and passwords directly; it is a session hijacking attack that steals active session tokens, which is technically distinct from credential harvesting malware or keyloggers.

Concept tested. XSS session hijacking via malicious forum image code

Reference. https://owasp.org/www-community/attacks/xss/

Topics

#Web application security · #Cross-site scripting (XSS) · #Session hijacking · #Cookie theft
