GCIH Question #767: Real Exam Question with Answer & Explanation
The correct answer is B: Stored XSS. Stored XSS occurs when malicious scripts are persisted on the server and executed in the browser of any user who views the affected content.
Web Application Attacks & Post-Exploitation
Question
A victim visits a website that allows authenticated users to upload articles for other users to read. The victim logs in and clicks a link on the website's home page for a newly posted article. When the article's page opens, malicious code embedded in the uploaded article runs in the victim's browser, sending sensitive information to the malicious code's author. What web application vulnerability allowed this attack to happen?
Options
- A. SQL injection
- B. Stored XSS
- C. Cross-Site Request Forgery
- D. Session hijacking
Explanation
Stored (persistent) XSS occurs when attacker-supplied script is saved on the server, here inside the uploaded article, and later served without output encoding to every user who views that content. Because the script runs in the site's own origin, it executes with the victim's authenticated session: it can read the page, read session cookies that are not marked HttpOnly, and send requests on the victim's behalf, which is how the sensitive information reached the attacker. Two details in the scenario point to the stored variant: the payload lives in content another user uploaded rather than in the link the victim clicked (a payload carried in the URL would indicate reflected XSS), and it fires for any reader of the article. The fix is context-aware output encoding or an allowlist HTML sanitizer applied when the article is rendered, with a Content Security Policy and HttpOnly session cookies as defense in depth.
Common mistakes.
- A. SQL injection manipulates database queries through unsanitized input; it does not by itself cause script execution in a victim's browser.
- C. Cross-Site Request Forgery tricks a victim's browser into making authenticated requests to a site, but does not involve injecting and executing malicious code within the site itself.
- D. Session hijacking is the use of a stolen session token to impersonate a user. It is a possible consequence of this attack (the script could steal the victim's cookie), not the vulnerability that allowed code to run in the victim's browser.
Concept tested. Stored (persistent) XSS: script injection that is saved server-side and served to other users.
Reference. https://owasp.org/www-community/attacks/xss/
Topics
#stored-XSS #cross-site-scripting #web-application-vulnerability #malicious-code-injection