After visiting a website, a user receives an email thanking them for a purchase which they did not
request. Upon investigation the security administrator sees the following source code in a pop-up
window:
<HTML>
<body onload=”document.getElementByID(‘badForm’).submit()”>
<form id=”badForm” action=”shoppingsite.company.com/purchase.php” method=”post”
<input name=”Perform Purchase” value=”Perform Purchase” />
</form></body></HTML>
Which of the following has MOST likely occurred?
A.
SQL injection
B.
Cookie stealing
C.
XSRF
D.
XSS
Explanation: