EC-Council
312-50V9 · Question #103
312-50V9 Question #103: Real Exam Question with Answer & Explanation
Sign in or unlock 312-50V9 to reveal the answer and full explanation for question #103. The question stem and answer options stay visible for context.
Question
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field: IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox ("Vulnerable");>" When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web applications vulnerability did the analyst discover?
Options
- ACross-site request forgery
- BCommand injection
- CCross-site scripting
- DSQL injection
Unlock 312-50V9 to see the answer
You've previewed enough free 312-50V9 questions. Unlock 312-50V9 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.