CAS-005 · Question #95
CAS-005 Question #95: Real Exam Question with Answer & Explanation
The correct answer is C: Stored XSS. The provided code snippet shows a script that captures the user's cookies and sends them to a remote server. This type of attack is characteristic of Cross-Site Scripting (XSS), specifically stored XSS, where the malicious script is stored on the target server (e.g., in a databas
Question
During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server. Given the following portion of the code: Which of the following best describes this incident?
Options
- AXSRF attack
- BCommand injection
- CStored XSS
- DSQL injection
Explanation
The provided code snippet shows a script that captures the user's cookies and sends them to a remote server. This type of attack is characteristic of Cross-Site Scripting (XSS), specifically stored XSS, where the malicious script is stored on the target server (e.g., in a database) and executed in the context of users who visit the infected web page. Stored XSS: The provided code snippet matches the pattern of a stored XSS attack, where the script is injected into a web page, and when users visit the page, the script executes and sends the user's cookies to the attacker's server.
Community Discussion
No community discussion yet for this question.