nerdexam
EC-Council

312-50V13 · Question #378

What type of a vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

The correct answer is C. Cross-site request forgery. Cross-Site Request Forgery (CSRF) is an attack where a malicious actor tricks a user's browser into sending an authenticated request to a trusted server without the user's knowledge.

Submitted by jian89· Mar 6, 2026Hacking Web Applications

Question

What type of a vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

Options

  • ASession hijacking
  • BServer side request forgery
  • CCross-site request forgery
  • DCross-site scripting

How the community answered

(61 responses)
  • A
    7% (4)
  • B
    2% (1)
  • C
    89% (54)
  • D
    3% (2)

Why each option

Cross-Site Request Forgery (CSRF) is an attack where a malicious actor tricks a user's browser into sending an authenticated request to a trusted server without the user's knowledge.

ASession hijacking

Session hijacking involves an attacker taking over an active user session, often by stealing session tokens, rather than forcing the user's browser to send forged requests.

BServer side request forgery

Server-Side Request Forgery (SSRF) occurs when a web server is tricked into making requests to an arbitrary domain on behalf of an attacker, typically targeting internal resources.

CCross-site request forgeryCorrect

Cross-Site Request Forgery (CSRF) is an attack that tricks a user's browser into performing unwanted actions on a web application where they are currently authenticated. The attacker crafts a malicious request and embeds it into a seemingly harmless link or image, which, when loaded by the victim's browser, sends an authenticated request to the vulnerable server.

DCross-site scripting

Cross-Site Scripting (XSS) involves injecting malicious scripts into trusted websites, which are then executed in the victim's browser, but it doesn't directly force authenticated requests to the server in the same manner as CSRF.

Concept tested: Cross-Site Request Forgery (CSRF)

Source: https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-8.0

Topics

#CSRF#web attack#browser security

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice