ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 245 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 245
Topic #: 1
[All 312-50v13 Questions]

An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?

  • A. Utilize a script hosted on the application's domain to test the form
  • B. Try to disable the CSP to bypass script restrictions
  • C. Inject a benign script inline to the form to see if it executes
  • D. Load a script from an external domain to test the vulnerability
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by mulekule at April 17, 2025, 4:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mulekule
2 days, 15 hours ago
Selected Answer: A
A is the correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago