PrepAway - Latest Free Exam Questions & Answers


Which vulnerability allows a third party to redirect static content within the security context of a trusted site?


A. Cross-Site Request Forgery (CSRF)

B. Cross-Site Scripting (XSS)

C. PHP Remote File Inclusion (RFI)

D. SQL Injection

Explanation:
Answer A is correct; Cross-Site Request Forgery (CSRF) allows a third party to redirect static content within the security context of a trusted site.

Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Cross-Site Scripting (XSS): third-party execution of Web scripting languages such as JavaScript within the security context of a trusted site. XSS is similar to CSRF; the difference is XSS uses active code. PHP Remote File Inclusion (RFI): alters normal PHP variables to reference remote content, which can lead to execution of malicious PHP code. SQL Injection manipulates a back-end SQL server via a front-end Web server.

One Comment on “Which vulnerability allows a third party to redirect of static content within the security context of a truste

  1. joe says:

    Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.




