
Exam 312-50v13 topic 1 question 217 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 217
Topic #: 1

As part of a penetration testing team, you've discovered a web application vulnerable to Cross-Site Scripting (XSS). The application sanitizes inputs against standard XSS payloads but fails to filter out HTML-encoded characters. On further analysis, you've noticed that the web application uses cookies to track session IDs. You decide to exploit the XSS vulnerability to steal users' session cookies. However, the application implements HTTPOnly cookies, complicating your original plan. Which of the following would be the most viable strategy for a successful attack?

  • A. Build an XSS payload using HTML encoding and use it to exploit the server-side code, potentially disabling the HTTPOnly flag on cookies.
  • B. Develop a browser exploit to bypass the HTTPOnly restriction, then use a HTML-encoded XSS payload to retrieve the cookies.
  • C. Utilize an HTML-encoded XSS payload to trigger a buffer overflow attack, forcing the server to reveal the HTTPOnly cookies.
  • D. Create a sophisticated XSS payload that leverages HTML encoding to bypass the input sanitization, and then use it to redirect users to a malicious site where their cookies can be captured.
Suggested Answer: D
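The question turns on two defensive facts: an input filter that matches only literal tags misses the same markup written as HTML entities, and an HttpOnly cookie is never exposed to page script. The following JavaScript is an added illustration, not code from the exam or from any vendor: the blocklist sanitizer, the entity decoder and the cookie model are all constructed for this example, and the sample inputs are constructed too.

```javascript
// Added example (not from the exam page): a blocklist sanitizer that ignores
// HTML-encoded input, the canonicalise-then-encode fix, and a model of what
// page script can see when a session cookie carries HttpOnly.

// Naive blocklist of the kind the question describes: it matches literal
// tags only, so the same markup written as entities passes through unchanged.
function naiveSanitize(input) {
  return input.replace(/<\s*\/?\s*(script|img|svg|iframe)[^>]*>/gi, "");
}

// Decode the common entity forms (named, decimal, hex) so a value can be
// inspected in its canonical form. A small named table is enough here.
const NAMED = { lt: "<", gt: ">", amp: "&", quot: '"', apos: "'" };
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, body) => {
    if (body[0] === "#") {
      const cp = body[1].toLowerCase() === "x"
        ? parseInt(body.slice(2), 16)
        : parseInt(body.slice(1), 10);
      return Number.isFinite(cp) ? String.fromCodePoint(cp) : m;
    }
    return NAMED[body.toLowerCase()] ?? m;
  });
}

// Output encoding for an HTML text node: every character that can start
// markup is escaped, whatever encoding the input arrived in.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened path: canonicalise first, then encode for the output context,
// instead of trying to enumerate bad strings.
function safeRender(input) {
  return escapeHtml(decodeEntities(input));
}

// Would a browser parse a tag out of this string?
function containsMarkup(rendered) {
  return /<[a-z\/!]/i.test(rendered);
}

// Session cookie with the flags a defender wants on it.
function sessionCookieHeader(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Model of document.cookie: only cookies set without HttpOnly are exposed
// to script, which is why the question's XSS cannot simply read the session.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(";")[0].trim());
}

function demo() {
  const encoded = "&lt;script&gt;x&lt;/script&gt;"; // constructed sample input
  return {
    naiveLeavesEncodedFormAlone: naiveSanitize(encoded) === encoded,
    decodedAfterNaiveIsMarkup: containsMarkup(decodeEntities(naiveSanitize(encoded))),
    safeRenderNeverYieldsMarkup: !containsMarkup(safeRender(encoded)),
    visibleToScript: scriptVisibleCookies([sessionCookieHeader("abc123"), "theme=dark; Path=/"]),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

The design point is that `naiveSanitize` is only as good as its list and its notion of what the input "looks like", while `safeRender` makes no such assumption: it normalises, then encodes for the exact context the value is placed in. The cookie model shows the other half of the scenario: with HttpOnly set, the session value is absent from what script can read, so cookie hardening and output encoding are complementary controls rather than alternatives.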

Comments

NikoTomas
2 weeks, 1 day ago
Selected Answer: D
Answer: D. I’m choosing D) because the other answers are unrealistic and useless, but D) also won’t work as presented in the answer, because when the user is redirected to the malicious site, only cookies belonging to the TARGET SITE are sent with the request (if any exist in the browser), but NOT cookies belonging to the SOURCE SITE which we are hacking. So the attacker won't get the cookies in question with the HttpOnly flag. Anyway, the malicious site can be useful for other hacks then...
upvoted 1 times
pindinga1
2 months ago
Selected Answer: D
The correct answer is: D. Create a sophisticated XSS payload that leverages HTML encoding to bypass the input sanitization, and then use it to redirect users to a malicious site where their cookies can be captured. Explanation: The scenario involves a web application vulnerable to Cross-Site Scripting (XSS) that sanitizes inputs against standard XSS payloads but fails to filter out HTML-encoded characters. Additionally, the application uses HTTPOnly cookies, which prevent client-side scripts (like JavaScript) from accessing the cookies directly. Here's why option D is the most viable strategy:
upvoted 2 times
MHafizC
2 months, 3 weeks ago
Selected Answer: D
HTML Encoding to Bypass Input Sanitization: Since the application fails to filter out HTML-encoded characters, you can craft an XSS payload that uses HTML encoding to bypass the input sanitization. Redirecting Users to a Malicious Site: By redirecting users to a malicious site, you can capture their session cookies through other means, such as social engineering or exploiting vulnerabilities on the malicious site. This approach circumvents the HTTPOnly restriction, as the cookies are not directly accessed by the script but are instead sent to the malicious site.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other