312-50V13 · Question #378
What type of a vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?
The correct answer is C. Cross-site request forgery. Cross-Site Request Forgery (CSRF) is an attack where a malicious actor tricks a user's browser into sending an authenticated request to a trusted server without the user's knowledge.
Question
Options
- ASession hijacking
- BServer side request forgery
- CCross-site request forgery
- DCross-site scripting
How the community answered
(61 responses)- A7% (4)
- B2% (1)
- C89% (54)
- D3% (2)
Why each option
Cross-Site Request Forgery (CSRF) is an attack where a malicious actor tricks a user's browser into sending an authenticated request to a trusted server without the user's knowledge.
Session hijacking involves an attacker taking over an active user session, often by stealing session tokens, rather than forcing the user's browser to send forged requests.
Server-Side Request Forgery (SSRF) occurs when a web server is tricked into making requests to an arbitrary domain on behalf of an attacker, typically targeting internal resources.
Cross-Site Request Forgery (CSRF) is an attack that tricks a user's browser into performing unwanted actions on a web application where they are currently authenticated. The attacker crafts a malicious request and embeds it into a seemingly harmless link or image, which, when loaded by the victim's browser, sends an authenticated request to the vulnerable server.
Cross-Site Scripting (XSS) involves injecting malicious scripts into trusted websites, which are then executed in the victim's browser, but it doesn't directly force authenticated requests to the server in the same manner as CSRF.
Concept tested: Cross-Site Request Forgery (CSRF)
Source: https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-8.0
Topics
Community Discussion
No community discussion yet for this question.