Exam 312-50 topic 3 question 29 discussion

Actual exam question from ECCouncil's 312-50
Question #: 29
Topic #: 3

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

  • A. The victim user must open the malicious link with an Internet Explorer prior to version 8.
  • B. The session cookies generated by the application do not have the HttpOnly flag set.
  • C. The victim user must open the malicious link with a Firefox prior to version 3.
  • D. The web application should not use random tokens.
Suggested Answer: D

Comments

MeganONO
Highly Voted 2 years, 3 months ago
D is correct, B is against XSS (HttpOnly cookie = JavaScript can't access the session cookie)
upvoted 5 times
MikeLHW
Most Recent 6 months, 3 weeks ago
Selected Answer: D
I support D
upvoted 1 times
salei
8 months ago
Selected Answer: D
https://www.synopsys.com/glossary/what-is-csrf.html
upvoted 1 times
dorinh
1 year, 6 months ago
D is correct, since the attacker cannot set up the token prior to the attack
upvoted 1 times
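
An added example, not part of any comment above: a simulated server-side check showing why option D is the deciding condition and why the HttpOnly flag in option B does not matter for CSRF. The endpoint, the `session` cookie name, the `csrf_token` field name and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to clients


def csrf_token_for(session_id: str) -> str:
    """Unpredictable token bound to one session; embedded in the site's own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(cookies: dict, form: dict, sessions: set, require_token: bool):
    """Hypothetical state-changing endpoint. Returns (status, reason)."""
    sid = cookies.get("session")
    if sid not in sessions:
        return 401, "no valid session"
    if require_token:
        supplied = form.get("csrf_token", "")
        expected = csrf_token_for(sid)
        # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return 403, "missing or invalid CSRF token"
    return 200, "state change accepted"


def demo() -> dict:
    sid = secrets.token_urlsafe(32)
    sessions = {sid}
    # The browser attaches the session cookie to every request to the site.
    # HttpOnly only stops scripts from reading it; it does not stop it being sent.
    cookies = {"session": sid}
    own_form = {"amount": "10", "csrf_token": csrf_token_for(sid)}
    foreign_form = {"amount": "10"}  # constructed: submitted from another origin, no token
    guessed_form = {"amount": "10", "csrf_token": "0" * 64}  # constructed: guessed token
    return {
        "no_tokens_foreign": handle_transfer(cookies, foreign_form, sessions, False)[0],
        "tokens_foreign": handle_transfer(cookies, foreign_form, sessions, True)[0],
        "tokens_guessed": handle_transfer(cookies, guessed_form, sessions, True)[0],
        "tokens_own_form": handle_transfer(cookies, own_form, sessions, True)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

Only the run without token checking accepts the foreign request; once the token is required, the same cookie-bearing request is rejected because the other origin cannot know the per-session value.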
dimaste
2 years, 3 months ago
I think B is more correct
upvoted 1 times