ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-39 All Questions

View all questions & answers for the 312-39 exam
Go to Exam

Exam 312-39 topic 1 question 52 discussion

Actual exam question from ECCouncil's 312-39
Question #: 52
Topic #: 1
[All 312-39 Questions]

An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company’s URL as follows: http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.

  • A. Cross-site Scripting Attack
  • B. SQL Injection Attack
  • C. Denial-of-Service Attack
  • D. Session Attack
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by SchFiftySchFive at March 4, 2023, 7:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Berro_b
1 month, 4 weeks ago
Selected Answer: A
p.114-119 The attacker finds XSS vulnerability in the techpost.org website, constructs a malicious script <script>onload=window.location='http://www.certifiedhacker.com‘</script>, and adds it in the comment field of TechPost.
upvoted 1 times
...
Ruso_1985
7 months, 2 weeks ago
The answer is A. Pag 116
upvoted 1 times
...
sis_net_sec
2 years ago
Selected Answer: A
In this attack, an attacker injects malicious code (in this case, a script that displays an alert) into a vulnerable web application
upvoted 1 times
...
bandarfjb
2 years, 2 months ago
The scenario described in the question demonstrates a Cross-site Scripting (XSS) attack. In this attack, an attacker injects malicious code (in this case, a script that displays an alert) into a vulnerable web application, typically by exploiting input validation or output encoding weaknesses.
upvoted 1 times
...
SchFiftySchFive
2 years, 3 months ago
I believe the correct answer is A. Cross Site Scripting attack. In the example, the attacker is injecting javascript into the URL to create a pop-up warning. In a session attack, the attacker sniffs or otherwise acquires a legit session ID and uses it to gain access to a server, which is not mentioned here. Examples of both are on the OWASP website at the following link. https://owasp.org/www-community/attacks/Session_hijacking_attack
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel