GCIH · Question #440
You are investigating a potential web server compromise involving user authentication. During the identification phase, you examine the web server log file and find thousands of lines like the one dis
The correct answer is A. This attack can lead to session hijacking. The value of the parameter word contains a browser script, which is sent back to the browser, where it runs. This script, using the document.cookie, reads the user's cookie and sends it to the site othersite.com (probably the attacker's web site) using the document.location. Henc
Question
You are investigating a potential web server compromise involving user authentication. During the identification phase, you examine the web server log file and find thousands of lines like the one displayed below. Based on the log file information, what kind of attack is this? bin/gr.cgi? '%2bdocument.cookie;</SCRIPT>
Options
- AThis attack can lead to session hijacking
- BThis attack pops-up a dialog box displaying the user's cookie
- CThis attack directly leads to server-side data leakage
- DThis attack redirects the user to the attacker's site
How the community answered
(24 responses)- A71% (17)
- B17% (4)
- C8% (2)
- D4% (1)
Explanation
The value of the parameter word contains a browser script, which is sent back to the browser, where it runs. This script, using the document.cookie, reads the user's cookie and sends it to the site othersite.com (probably the attacker's web site) using the document.location. Hence, doing so, the attacker steals the user's cookie, and if this contains the session ID token, the attacker can use it to perform a session hijacking attack (access the web server authenticated as the However, the users' credentials (username and password) are not being stolen (credentials are not stored in cookies). The script runs on the client and hence, it doesn't steal any server-side data. From the javaScript used in the script, there is no method that pops-up a dialog box. Finally, although document.location is used, the way it is used it does not redirect the user to the othersite.com, but it sends his cookie there.
Topics
Community Discussion
No community discussion yet for this question.