An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. SQL Injection
D. Browser Hacking
Correct Answer: A
Explanation/Reference:
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Different HTTP request methods, such as GET and POST, have different levels of susceptibility to CSRF attacks and require different levels of protection because web browsers handle them differently.
References: https://en.wikipedia.org/wiki/Cross-site_request_forgery
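The following is an added example, not part of the original question or its reference. It sketches a server-side check that treats GET and POST differently, as the explanation describes. The route names, origin, key and session id are constructed assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"      # assumption: per-deployment secret
SITE_ORIGIN = "https://shop.example"      # assumption: the site's own origin
STATE_CHANGING = {"/profile/update"}      # hypothetical route that writes data
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SESSION = "sess-1234"                     # constructed session id


def issue_token(session_id):
    """Synchronizer token bound to the session; rendered into the site's own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_decision(req):
    """Return 'allow' or the reason the request is refused."""
    method, path = req["method"].upper(), req["path"]
    if method in SAFE_METHODS:
        # A hidden iframe load is a GET sent with the user's cookies and no
        # token, so state-changing routes are never served on safe methods.
        return "reject: state change on safe method" if path in STATE_CHANGING else "allow"
    # Unsafe methods: modern browsers send Origin on POST; require our own.
    if req["headers"].get("Origin") != SITE_ORIGIN:
        return "reject: origin mismatch"
    supplied = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, issue_token(req["session"])):
        return "reject: bad token"
    return "allow"


def sample(method, path, origin=None, form=None):
    """Build a constructed request as the server would see it (session cookie attached)."""
    headers = {"Origin": origin} if origin else {}
    return {"method": method, "path": path, "headers": headers,
            "form": form or {}, "session": SESSION}


SAMPLES = {  # constructed inputs, not captured traffic
    "hidden_iframe_get": sample("GET", "/profile/update"),
    "cross_site_post": sample("POST", "/profile/update", "https://other.example", {"name": "x"}),
    "same_origin_no_token": sample("POST", "/profile/update", SITE_ORIGIN, {"name": "x"}),
    "legitimate_post": sample("POST", "/profile/update", SITE_ORIGIN,
                              {"name": "x", "csrf_token": issue_token(SESSION)}),
    "normal_view": sample("GET", "/profile/view"),
}


def run_samples():
    return {name: csrf_decision(req) for name, req in SAMPLES.items()}
```

Only the request that comes from the site's own origin and carries the session-bound token is accepted for the state-changing route.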
Cross site scripting
No, the correct answer is A, Cross-site request forgery, also known as one-click attack, not just session riding.
I would say the correct answer is B Cross-Site Scripting, this is not session riding.
https://en.wikipedia.org/wiki/Cross-site_scripting
The question specifies “can use either HTTP GET or HTTP POST” – so it’s most probably CSRF.