This kind of attack will let you assume a users identity at a dynamically generated web page or
site:
A.
SQL Injection
B.
Cross Site Scripting
C.
Session Hijacking
D.
Zone Transfer
Explanation:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found
in web applications which allow code injection by malicious web users into the web pages viewed
by other users. Examples of such code include HTML code and client-side scripts. An exploited
cross-site scripting vulnerability can be used by attackers to bypass access controls such as the
same origin policy.
B
Why can’t C also be the answer?
How does XSS assume user’s identity? XSS migt reveal session cookie, but then the actual session hijacking would assume users identity.
Here is my interpretation of the question:
Key word to focus on is ‘Attack’.
Sql injection is an ‘Attack’.
XSS is an ‘Attack’.
Session Hijacking is the result of an attack.
Zone transfer is normal and is not an attack. It just needs to be locked down to authorized people/systems.
You would use the XSS ‘attack’ to steal the cookies and perform session hijacking.
c