SY0-301 · Question #247
A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1.
The correct answer is B. Cross-site request forgery. This is a classic Cross-Site Request Forgery (CSRF) attack. The victim is authenticated to their router's admin interface in one browser tab, meaning the browser holds a valid session cookie for 192.168.1.1. When the victim clicks a malicious link on the forum, the link contains
Question
A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?
Options
- ABrute force password attack
- BCross-site request forgery
- CCross-site scripting
- DFuzzing
How the community answered
(70 responses)- A6% (4)
- B76% (53)
- C14% (10)
- D4% (3)
Explanation
This is a classic Cross-Site Request Forgery (CSRF) attack. The victim is authenticated to their router's admin interface in one browser tab, meaning the browser holds a valid session cookie for 192.168.1.1. When the victim clicks a malicious link on the forum, the link contains a crafted HTTP request (e.g., targeting http://192.168.1.1/reboot) that the victim's browser executes automatically, including the valid session cookie. The router sees the request as legitimate because it comes with a valid authenticated session. CSRF exploits the trust a website places in the user's browser. Brute Force (A) would require many repeated login attempts, not a single click. Cross-Site Scripting (C) injects malicious scripts into a trusted site's content to execute in the victim's browser, which is a different mechanism. Fuzzing (D) is a testing technique that sends random/invalid data to find bugs - it is not an end-user attack.
Topics
Community Discussion
No community discussion yet for this question.