Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary
credentials being passed to Joe’s browser. The attacker later uses the credentials to impersonate Joe and
creates SPAM messages.
Which of the following attacks allows for this impersonation?

A.
XML injection

B.
Directory traversal

C.
Header manipulation

D.
Session hijacking

Explanation:
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid
computer session — sometimes also called a session key — to gain unauthorized access to information or
services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to
authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies
used to maintain a session on many websites can be easily stolen by an attacker using an intermediary
computer or with access to the saved cookies on the victim’s computer.