312-50V13 Question #620: Real Exam Question with Answer & Explanation
Question
As part of a penetration testing team, you've discovered a web application vulnerable to Cross-Site Scripting (XSS). The application sanitizes inputs against standard XSS payloads but fails to filter out HTML-encoded characters. On further analysis, you've noticed that the web application uses cookies to track session IDs. You decide to exploit the XSS vulnerability to steal users' session cookies. However, the application implements HttpOnly cookies, complicating your original plan. Which of the following would be the most viable strategy for a successful attack?
Options
- A. Build an XSS payload using HTML encoding and use it to exploit the server-side code, potentially
- B. Develop a browser exploit to bypass the HttpOnly restriction, then use a HTML-encoded XSS
- C. Utilize an HTML-encoded XSS payload to trigger a buffer overflow attack, forcing the server to
- D. Create a sophisticated XSS payload that leverages HTML encoding to bypass the input
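The two mechanics the stem relies on can be modelled in a few lines. The script below is an added illustration, not part of the exam page or its explanation: it uses a constructed blacklist sanitizer, a small entity decoder standing in for the browser's HTML parser, and a constructed cookie jar. It shows why an entity-encoded payload slips past a filter that only inspects the literal input, and what an injected script can and cannot do with an HttpOnly session cookie (it cannot read it through `document.cookie`, but the browser still attaches it to same-origin requests the script makes).

```javascript
// Added example (not from the exam page). Models two points from the stem:
// 1) a blacklist sanitizer that inspects raw input but not its entity-decoded form;
// 2) HttpOnly cookies: hidden from document.cookie, still sent by the browser.

// Constructed naive sanitizer: rejects the usual payload markers as literal text.
const BLOCKED = [/<script/i, /javascript:/i, /on\w+\s*=/i];

// Returns the input unchanged if no blocked marker is found, or null if rejected.
function naiveSanitize(input) {
  return BLOCKED.some((re) => re.test(input)) ? null : input;
}

// Minimal HTML entity decoder, standing in for what the browser's HTML parser
// does to attribute values (numeric entities plus the few named ones used here).
const NAMED = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const cp = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return String.fromCodePoint(cp);
    }
    return NAMED[body.toLowerCase()] ?? match;
  });
}

// What the victim's browser ends up with when user input is placed in a link's
// href attribute: the sanitizer sees the raw text, the parser decodes entities.
// Returns null when the filter rejected the input.
function renderedHref(userInput) {
  const kept = naiveSanitize(userInput);
  return kept === null ? null : decodeEntities(kept);
}

// Constructed cookie jar for the victim's session (hypothetical names/values).
const COOKIES = [
  { name: 'SESSIONID', value: 'c0ffee', httpOnly: true },
  { name: 'theme', value: 'dark', httpOnly: false },
];

// What document.cookie exposes to injected script: only non-HttpOnly cookies.
function documentCookie(jar) {
  return jar
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// What the browser attaches to a same-origin request the injected script makes
// (for example fetch with default credentials): every cookie, HttpOnly or not.
// The script never learns the value, but requests it sends carry the session.
function requestCookieHeader(jar) {
  return jar.map((c) => `${c.name}=${c.value}`).join('; ');
}

// Stand-alone demonstration.
console.log('literal payload  ->', naiveSanitize('javascript:alert(1)'));          // null (blocked)
console.log('encoded payload  ->', renderedHref('&#106;avascript:alert(1)'));     // javascript:alert(1)
console.log('document.cookie  ->', documentCookie(COOKIES));                      // theme=dark
console.log('Cookie header    ->', requestCookieHeader(COOKIES));                 // SESSIONID=c0ffee; theme=dark
```

The takeaway for the scenario: the entity-encoded form passes the literal blacklist and is decoded by the parser before the URL scheme is evaluated, and HttpOnly removes the cookie value from the script's reach without removing the script's ability to act inside the victim's session. Whether a real filter decodes before checking is the first thing to verify against the target rather than assume.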