Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 245 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 245
Topic #: 1
[All 312-50v12 Questions]

An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?

  • A. Utilize a script hosted on the application's domain to test the form
  • B. Try to disable the CSP to bypass script restrictions
  • C. Inject a benign script inline to the form to see if it executes
  • D. Load a script from an external domain to test the vulnerability
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by DarioReymag at Feb. 6, 2024, 10:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
LordXander
7 months, 3 weeks ago
Selected Answer: B
Well, B could be an option however also A. A is more applicable for an insider threat
upvoted 1 times
...
insaniunt
9 months, 2 weeks ago
Selected Answer: A
A. Utilize a script hosted on the application's domain to test the form Since the CSP allows scripts from the application's own domain, using a script hosted on the same domain would be a valid and ethical way to confirm the XSS vulnerability. This approach aligns with the permitted behavior of the CSP and helps the ethical hacker assess whether the lack of proper user input validation in the 'Contact Us' form leads to the execution of scripts from the same domain.
upvoted 2 times
...
[Removed]
9 months, 2 weeks ago
Team can you confirm if this is accurate
upvoted 1 times
...
[Removed]
9 months, 2 weeks ago
Could someone please validate this information
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel