Why do you think Dan might not be able to get an interactive session?

Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID.

Why do you think Dan might not be able to get an interactive session?
A . Dan cannot spoof his IP address over TCP network
B . The scenario is incorrect as Dan can spoof his IP and get responses
C . The server will send replies back to the spoofed IP address
D . Dan can establish an interactive session only if he uses a NAT

Answer: C

Latest CEH-001 Dumps Valid Version with 878 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments