Which vulnerability allows a third party to redirect of static content within the security context of a trusted site?
A.
Cross-Site Request Forgery (CSRF)
B.
Cross-Site Scripting (XSS)
C.
PHP Remote File Inclusion (RFI)
D.
SQL Injection
Explanation:
Answer A is correct; Cross-Site Request Forgery (CSRF) allows a third party to redirect of static content within the security context of a trusted site.Incorrect Answers and Explanations:B,C, andD.Answers B,C, andDare incorrect. Cross-Site Scripting (XSS): third party execution of Web scripting languages such as Javascript within the security context of a trusted site. XSS is similar to CSRF; the difference is XSS uses active code. PHP Remote File Inclusion (RFI): alters normal PHP variables to reference remote content, which can lead to execution of malicious PHP code. SQL Injection manipulates a back-end SQL server via a front-end Web server.