SY0-501 · Question #56

SY0-501 Question #56: Real Exam Question with Answer & Explanation

The correct answer is C: Cross-site scripting. The attack described, where a web application targets browsers to siphon money, is characteristic of a Cross-site scripting (XSS) attack.

Submitted by yaw92 · Mar 4, 2026

Question

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

Options

  • A. SQL injection
  • B. Header manipulation
  • C. Cross-site scripting
  • D. Flash cookie exploitation

Explanation

The attack described, where a web application targets browsers to siphon money, is characteristic of a Cross-site scripting (XSS) attack.

Common mistakes.

  • A. SQL injection targets the application's database by inserting malicious SQL statements into input fields, aiming to extract or manipulate data from the backend, not primarily to execute code within a user's browser to siphon money.
  • B. Header manipulation involves altering HTTP request or response headers to bypass security controls, trick servers, or mislead users, but it does not directly describe the injection of malicious scripts into a web page that executes in the user's browser.
  • D. Flash cookie exploitation specifically targets vulnerabilities related to Adobe Flash Player's Local Shared Objects (Flash cookies), which is a deprecated technology and does not encompass the broader mechanism of injecting and executing arbitrary client-side scripts in a browser to control user actions.

Concept tested. Web application attack types (Cross-site scripting)

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/cross-site-scripting
