Which of the following types of attacks is this an example of?

PT0-003 0 Comments

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward.

Which of the following types of attacks is this an example of?
A . SQL injection
B . SSRF
C . XSS
D . Server-side template injection

Answer: C

Explanation:

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users.

Here ’ s why option C is correct:

XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user’s browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.

SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.

SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution.

Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user’s browser.

Reference from Pentest:

Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications​. Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser​.

Latest PT0-003 Dumps Valid Version with 131 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PT0-003 PDF     PT0-003 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments