PrepAway - Latest Free Exam Questions & Answers

What type of cross-site scripting vulnerability is she exploiting?

Mary is creating malicious code that will steal a user’s cookies by modifying the original client-side JavaScript. What type of cross-site scripting vulnerability is she exploiting?


A. Second order

B. DOM-based

C. Persistent

D. Nonpersistent

Explanation:
B: Mary is exploiting a document object model (DOM)-based cross-site scripting (XSS) vulnerability, which is also referred to as local cross-site scripting. The DOM is the standard structural layout used to represent HTML and XML documents in the browser. In such attacks, document components such as form fields and cookies can be referenced through JavaScript. The attacker uses the DOM environment to modify the original client-side JavaScript. This causes the victim’s browser to execute the resulting abusive JavaScript code. The most effective way to prevent these attacks is to disable scripting support in the browser.

A is incorrect because a second-order vulnerability, or persistent XSS vulnerability, is targeted at Web sites that allow users to input data that is stored in a database or other location, such as a forum or message board. Second-order vulnerabilities allow the most dominant type of attacks.

C is incorrect because a persistent XSS vulnerability is simply another name for a second-order vulnerability. As previously stated, these vulnerabilities allow users to input data that is stored in a database or other location such as an online forum or message board. These types of platforms are among the most commonly plagued by XSS vulnerabilities. The best way to overcome these vulnerabilities is through secure programming practices. Each and every user input should be filtered, and only a limited set of known and secure characters should be allowed for user input.

D is incorrect because nonpersistent XSS vulnerabilities, also referred to as reflected vulnerabilities, occur when an attacker tricks the victim into opening a URL programmed with a rogue script to steal the victim’s sensitive information (such as a cookie). The principle behind this attack lies in exploiting a lack of proper input or output validation on dynamic Web sites.
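
The DOM-based case from the explanation for B, shown as an added example that is not part of the original page: a client-side script that copies the URL fragment into the page through an HTML-parsing sink, next to a hardened version that applies a character allowlist and writes plain text. The function names, the `greeting` element id, the allowlist pattern and the stub document are assumptions made for illustration, and the sample fragment is constructed.

```javascript
// Added example. renderUnsafe, renderSafe, stubDocument and the "greeting"
// element id are hypothetical names; the sample fragment is constructed.

// Allowlist: a limited set of known-safe characters with a bounded length.
const NAME_ALLOWLIST = /^[A-Za-z0-9 _.-]{1,40}$/;

// Source: the URL fragment is not sent to the server, so only client-side
// code is in a position to validate it.
function readName(loc) {
  try {
    return decodeURIComponent(loc.hash.replace(/^#/, ""));
  } catch (e) {
    return ""; // malformed percent-encoding is treated as no input
  }
}

// Vulnerable: attacker-influenced text is written to an HTML-parsing sink,
// so any markup in the fragment becomes part of the document.
function renderUnsafe(doc, loc) {
  doc.getElementById("greeting").innerHTML = "Hello, " + readName(loc);
}

// Hardened: validate against the allowlist, then write through textContent,
// which stores the value as text and never invokes the HTML parser.
function renderSafe(doc, loc) {
  const name = readName(loc);
  const shown = NAME_ALLOWLIST.test(name) ? name : "guest";
  doc.getElementById("greeting").textContent = "Hello, " + shown;
  return shown;
}

// Stub document so the functions also run under Node; in a browser, pass the
// real `document` and `location` objects instead.
function stubDocument() {
  const el = { innerHTML: "", textContent: "" };
  return { el, getElementById: () => el };
}

const constructed = { hash: "#%3Ci%3Emarkup%3C%2Fi%3E" }; // decodes to <i>markup</i>
const unsafeDoc = stubDocument();
renderUnsafe(unsafeDoc, constructed);
console.log("unsafe sink received:", unsafeDoc.el.innerHTML);
const safeDoc = stubDocument();
renderSafe(safeDoc, constructed);
console.log("safe sink received:  ", safeDoc.el.textContent);
```

Because the fragment never appears in server logs or server-side filters, reviews for this class of bug have to look at the client-side code paths that read from `location`, `document.cookie` or form fields and write to sinks such as `innerHTML`.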

One Comment on “What type of cross-site scripting vulnerability is she exploiting?”

  1. joe says:

    Document object model (DOM)-based attack is to monitor cookie focus on java.
    Second-order vulnerability, or persistent XSS vulnerability, is targeted at Web sites.

    Persistent XSS vulnerability is simply another name for a second-order vulnerability. As previously stated, these vulnerabilities allow users to input data that is stored in a database or other location such as an online forum or message board. These types of platforms are among the most commonly plagued by XSS vulnerabilities.

    Nonpersistent XSS vulnerabilities, also referred to as reflected vulnerabilities, occur when an attacker tricks the victim into opening a URL programmed with a rogue script to steal the victim’s sensitive information (such as a cookie). The principle behind this attack lies in exploiting lack of proper input or output validation on dynamic Web sites.



