312-50V13 Question #166: Real Exam Question with Answer & Explanation
The correct answer is A: Cross-site-scripting attack. Cross-site scripting (XSS) is a web vulnerability where unsanitized user input is reflected in web pages, allowing attackers to execute malicious scripts in other users' browsers.
Question
This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?
Options
- A. Cross-site-scripting attack
- B. SQL Injection
- C. URL Traversal attack
- D. Buffer Overflow attack
Explanation
Cross-site scripting (XSS) is a web vulnerability where unsanitized user input is reflected in web pages, allowing attackers to execute malicious scripts in other users' browsers.
Common mistakes.
- B. SQL Injection attacks involve injecting malicious SQL queries into data input fields to manipulate or extract data from a database, not to execute scripts in a user's browser via unsanitized display.
- C. URL Traversal (or Directory Traversal) attacks exploit vulnerabilities that allow an attacker to access files or directories outside the intended web root by manipulating path elements in a URL, which is different from script execution in a browser.
- D. Buffer Overflow attacks occur when a program attempts to write more data into a fixed-size buffer than it can hold, overwriting adjacent memory and potentially executing arbitrary code; this is a low-level memory vulnerability, typically server-side, not a web content display issue.
Concept tested. Cross-site scripting (XSS) vulnerability
Reference. https://owasp.org/www-community/attacks/xss/