ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 300 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 300
Topic #: 1
[All 312-50v11 Questions]

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

  • A. Browser Hacking
  • B. Cross-Site Scripting
  • C. SQL Injection
  • D. Cross-Site Request Forgery
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by TroyMcLure at Sept. 20, 2022, 11:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Vincent_Lu
7 months, 1 week ago
Selected Answer: B
B. Cross-Site Scripting https://crashtest-security.com/xss-vs-csrf-difference/
upvoted 1 times
...
xXMikeXx
7 months, 1 week ago
This question is confusing. Like a lot of this certification. If the attacker inyect this string in the vulner website, first has exwploited a XSS and later a CSRF when victim's web browser render the iframe tag...
upvoted 1 times
...
victorfs
11 months, 2 weeks ago
Selected Answer: D
The correct option is D CSRF
upvoted 2 times
...
Stants
1 year, 3 months ago
According ChatGPT it should be Cross-site Scripting. This type of attack is called a "Cross-Site Scripting (XSS) attack". It is a type of web application vulnerability where an attacker injects malicious code into a web page viewed by other users. The malicious code can be in the form of a script, such as JavaScript, which is executed by the victim's browser when they view the affected web page. This can allow the attacker to steal sensitive information, such as login credentials, or perform other malicious actions on the victim's behalf, such as changing their profile information and submitting it to the attacker's database. The attack can be performed using either HTTP GET or HTTP POST methods, depending on the specific vulnerability present in the website.
upvoted 4 times
...
Daniel8660
1 year, 6 months ago
Selected Answer: D
Web Application Threats - Cross-Site Request Forgery (CSRF) Attack also known as a one-click attack, occurs when a hacker instructs a user’s web browser to send a request to the vulnerable website through a malicious web page.The victim holds an active session with a trusted site and simultaneously visits a malicious site, which injects an HTTP request for the trusted site into the victim user’s session. (P.1798/1782)
upvoted 2 times
...
TroyMcLure
1 year, 7 months ago
Selected Answer: D
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Different HTTP request methods, such as GET and POST, have different level of susceptibility to CSRF attacks and require different levels of protection due to their different handling by web browsers. References: https://en.wikipedia.org/wiki/Cross-site_request_forgery
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago