Joe, a user in a coffee shop, is checking his email over a wireless network. An attacker records
the temporary credentials being passed to Joe's browser. The attacker later uses the credentials
to impersonate Joe and create SPAM messages. Which of the following attacks allows for this
impersonation?

A. XML injection
B. Directory traversal
C. Header manipulation
D. Session hijacking
This is a simple question and the answer is quite self-explanatory.
INCORRECT ANSWERS:
A. XML injection – An XML injection, in simple terms, INJECTS malicious XML code into input that an application parses. This is usually done against web applications.
B. Directory traversal – Directory traversal, or path traversal, is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server's root directory. Web servers provide two main security mechanisms against this: Access Control Lists (ACLs) and the root directory. So this is an attack against the target device itself, in order to reach its directory structure.
C. Header manipulation – Header manipulation is the insertion of malicious data, which has not been validated, into an HTTP response header. One example of header manipulation is an HTTP response splitting attack. This type of attack exploits applications that accept a carriage return or line feed as input.
So A, B and C are in fact attacks which aim to affect the internal workings of a target device (in this case a laptop, tablet or mobile phone using a Wi-Fi connection); none of them involves recording credentials in transit and replaying them later.
CORRECT ANSWER:
The correct answer is therefore D. Session hijacking.
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session–sometimes also called a session key–to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.
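The cookie theft described above works because the session cookie travels over plain HTTP and can be recorded by anyone on the same wireless network. The following is an added example (not part of the question or the original explanation) that audits Set-Cookie headers for the attributes which limit that exposure; the two sample headers are constructed for the example, and the attribute checks are the author's own defensive heuristics.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample Set-Cookie headers (not from the question). The first is the
# kind of session cookie that a passive listener on open Wi-Fi can record and
# replay; the second carries the attributes that limit that exposure.
SAMPLE_HEADERS = [
    "sessionid=2f7c91e0; Path=/",
    "sid=9b1a44c3; Path=/; Secure; HttpOnly; SameSite=Lax",
]


@dataclass
class CookieAudit:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    findings: List[str]


def parse_set_cookie(header: str) -> CookieAudit:
    """Split one Set-Cookie header into name and attributes and flag weak settings."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        # Flag attributes (Secure, HttpOnly) have no value; store them as True.
        attrs[key.strip().lower()] = value.strip() or True
    secure = attrs.get("secure") is True
    httponly = attrs.get("httponly") is True
    samesite = attrs.get("samesite")
    samesite = samesite if isinstance(samesite, str) else None
    findings = []
    if not secure:
        findings.append("no Secure: cookie is sent over plain HTTP, so anyone on the same network can record it")
    if not httponly:
        findings.append("no HttpOnly: cookie is readable by page scripts")
    if samesite is None or samesite.lower() == "none":
        findings.append("no SameSite (or SameSite=None): cookie is attached to cross-site requests")
    return CookieAudit(name, secure, httponly, samesite, findings)


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Return {cookie name: findings} for every header with at least one weak setting."""
    result = {}
    for header in headers:
        audit = parse_set_cookie(header)
        if audit.findings:
            result[audit.name] = audit.findings
    return result
```

Note that Secure only stops the browser from sending the cookie over HTTP; the site must also serve its pages over HTTPS, otherwise the session is still exposed.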