CompTIA
SY0-301 · Question #846
SY0-301 Question #846: Real Exam Question with Answer & Explanation
The correct answer is A: XSS attack.
Question
Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs shows the following string, indicating a user is trying to post a comment on the public bulletin board. This is an example of which of the following?
Options
- A. XSS attack
- B. XML injection attack
- C. Buffer overflow attack
- D. SQL injection attack
Explanation
Injecting script tags into a web form or bulletin board is a classic cross-site scripting (XSS) attack, which causes malicious scripts to execute in other users' browsers.
Common mistakes.
- B. XML injection exploits vulnerabilities in XML parsers and requires XML-structured input, not HTML script tags targeting browser rendering.
- C. Buffer overflow attacks exploit memory allocation boundaries in application code and are not triggered by submitting script tags through a web form.
- D. SQL injection uses database query syntax such as single quotes and SQL keywords to manipulate backend queries, not script tags intended for browser execution.
Concept tested. Cross-site scripting (XSS) attack identification
Reference. https://owasp.org/www-community/attacks/xss/