Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records
the temporary credentials being passed to Joe’s browser. The attacker later uses the credentials
to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this
impersonation?

A.
XML injection

B.
Directory traversal

C.
Header manipulation

D.
Session hijacking

Explanation:
In computer science, session hijacking, sometimes also known as cookie hijacking is the
exploitation of a valid computer session—sometimes also called a session key—to gain
unauthorized access to information or services in a computer system. In particular, it is used to
refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular

relevance to web developers, as the HTTP cookies used to maintain a session on many web sites
can be easily stolen by an attacker using an intermediary computer or with access to the saved
cookies on the victim’s computer.