PT0-002 · Question #306
PT0-002 Question #306: Real Exam Question with Answer & Explanation
The correct answer is B: crossDomain: true. When setting up the attack, the security engineer would need to add a line of code that enables cross-domain requests. This is to ensure that the page can receive data from the remote server (in this case, evilcorp.com). Adding the line of code "crossDomain: true" enables the pag
Question
For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information: Which of the following lines of code should the security engineer add to make the attack successful?
Options
- Awindow.location.= 'https://evilcorp.com'
- BcrossDomain: true
- Cgeturlparameter ('username')
- DredirectUrl = 'https://example.com'
Explanation
When setting up the attack, the security engineer would need to add a line of code that enables cross-domain requests. This is to ensure that the page can receive data from the remote server (in this case, evilcorp.com). Adding the line of code "crossDomain: true" enables the page to make cross-domain requests, allowing the attacker to receive the credentials provided by the
Topics
Community Discussion
No community discussion yet for this question.