CAS-001 · Question #71
CAS-001 Question #71: Real Exam Question with Answer & Explanation
The correct answer is D: Cross-site scripting. The code directly echoes user-supplied input from $_REQUEST['username'] into the HTML response without any sanitization or encoding: echo "Your username is: " . $_REQUEST['username'];. An attacker can inject malicious JavaScript (e.g., <script>document.cookie</script>) as the use
Question
AuthenticatedArea.php'? <html><head><title>AuthenticatedArea</title></head> <? include ("/inc/common.php"); $username = $_REQUEST[username']; if ($username != "") { echo "Your username is: " . $_REQUEST[`username']; }else { header)("location: /login.php" } ?> </html>Options
- AHeader manipulation
- BAccount disclosure
- CUnvalidated file inclusion
- DCross-site scripting
Explanation
The code directly echoes user-supplied input from $_REQUEST['username'] into the HTML response without any sanitization or encoding: echo "Your username is: " . $_REQUEST['username'];. An attacker can inject malicious JavaScript (e.g., <script>document.cookie</script>) as the username value, which will be rendered and executed in any victim's browser that views the page. This is a textbook reflected Cross-Site Scripting (XSS) vulnerability. The other options don't apply: header manipulation would involve injecting CRLF sequences into headers, account disclosure would involve leaking credentials, and file inclusion requires a file path being passed to include/require - none of which are present here.
Community Discussion
No community discussion yet for this question.