An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe> What is this type of attack (that can use either HTTP GET or HTTP POST) called?
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. SQL Injection
D. Browser Hacking
EC-Council Certified Ethical Hacker v11Free dumps for 312-50v11 in Printable PDF format.High quality PDF and software. VALID exam to help you pass. |
 |
|
Download Printable PDF. VALID exam to help you PASS. |
|
Cross site scripting
No, correct answer is A, Cross-site request forgery, also known as one-click attack not just session riding
I would say the correct answer is B Cross-Site Scripting, this is not session riding.
https://en.wikipedia.org/wiki/Cross-site_scripting
The question specifies “can use either HTTP GET or HTTP POST” – so it’s most probably CSRF.