Which attack injects input that contains a browser script, which if the target site is vulnerable to XSS, will be passed to the site's users?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which attack injects input that contains a browser script, which if the target site is vulnerable to XSS, will be passed to the site's users?

Explanation:
The attack described is XSS. It relies on attacker-supplied input being embedded in a web page in a way that the browser will execute it as part of the page. If the target site is vulnerable, that script runs in the context of the site's domain in the victims' browsers, which can lead to actions like stealing cookies, session tokens, or performing actions on behalf of users.

Other options don't fit this behavior: CSRF tricks a user into submitting a forged request to another site, not by delivering executable script to others; SQL injection targets the server's database by injecting SQL commands, not by running code in users' browsers; clickjacking uses overlays to fool the user into clicking something, without injecting script that runs in other users' browsers.

