nerdexam
GIAC

GCIH · Question #767

A victim visits a website that allows authenticated users to upload articles for other users to read. The victim logs in and clicks a link on the website's home page for a newly posted article. When t

Sign in or unlock GCIH to reveal the answer and full explanation for question #767. The question stem and answer options stay visible for context.

Web Application Attacks & Post-Exploitation

Question

A victim visits a website that allows authenticated users to upload articles for other users to read. The victim logs in and clicks a link on the website's home page for a newly posted article. When the article's page opens, malicious code embedded in the uploaded article runs in the victim's browser, sending sensitive information to the malicious code's author. What web application vulnerability allowed this attack to happen?

Options

  • ASQL injection
  • BStored XSS
  • CCross-Site Request Forgery
  • DSession hijacking

Unlock GCIH to see the answer

You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Topics

#stored XSS#cross-site scripting#web application vulnerability#malicious code injection
Full GCIH Practice