GCIH Question #83: Real Exam Question with Answer & Explanation

The correct answer is C: Cross-site scripting.

Web Application Attacks & Post-Exploitation

Question

Which of the following is a type of computer security vulnerability, typically found in Web applications, that allows code injection by malicious Web users into the Web pages viewed by other users?

Options

  • A. SID filtering
  • B. Cookie poisoning
  • C. Cross-site scripting
  • D. Privilege Escalation

Explanation

Cross-site scripting (XSS) is the web application vulnerability that allows attackers to inject malicious client-side scripts into pages viewed by other users.

Common mistakes.

  • A. SID filtering is a Windows Active Directory security feature that strips SID history attributes on cross-domain trust boundaries, unrelated to web application code injection.
  • B. Cookie poisoning involves modifying cookie values to manipulate application behavior, but it does not inject executable code into pages viewed by other users.
  • D. Privilege escalation is the act of gaining higher access rights than originally granted, which is a different category of attack and does not involve injecting code into web pages.

Concept tested. Cross-site scripting (XSS) vulnerability definition

Reference. https://owasp.org/www-community/attacks/xss/
