If a web application sends HTTP cookies as its method for transmitting session tokens, it
may be vulnerable to which of the following attacks?

A. Parameter tampering Attack

B. SQL injection attack

C. Session Hijacking

D. Cross-site request attack

Explanation:

Reference:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)




Naveen Kumar

D according to ECSAv8

Casia

The answer is C, look at page 578. slide 78

Mano

I agree answer is C.
XSS can be used to steal cookies to carry out Session hijacking

JC

D is not XSS. Read carefully.
Cross-site REQUEST attack.

I also fall into this trap of not reading it fully.

Q 

C. Session Hijacking is the correct answer.
The attacker can exploit XSS vulnerability to steal cookies from legitimate users if the “HttpOnly” flag is not set. This kind of attack is known as “Session Hijacking.”

D. Cross-site request attack is not Cross-site scripting. It is more like CSRF.
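
Added example, not part of the original page or its comments: a small audit of Set-Cookie headers for the attributes that matter to the attacks discussed above (HttpOnly against cookie theft through XSS, SameSite against cross-site requests, Secure against exposure over plain HTTP). The header lines and the list of session cookie names are constructed assumptions for a hypothetical application.

```python
# Added example: audit Set-Cookie headers for session-cookie hardening.
# The header lines below are constructed sample data, not from a real site.
SAMPLE_HEADERS = [
    "Set-Cookie: SESSIONID=abc123; Path=/",
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly",
    "Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; Path=/",
]

# Assumption: names of cookies that carry session tokens in this hypothetical app.
SESSION_COOKIE_NAMES = {"sessionid", "phpsessid", "jsessionid"}


def parse_set_cookie(header_line):
    """Return (name, attrs); attrs maps lowercase attribute -> value ('' for flags)."""
    _, _, value = header_line.partition(":")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie header: %r" % header_line)
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header_line):
    """List weaknesses relevant to session hijacking and CSRF for one header."""
    name, attrs = parse_set_cookie(header_line)
    if name.lower() not in SESSION_COOKIE_NAMES:
        return []  # not a session token; out of scope for this check
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: script injected via XSS can read the token")
    if "secure" not in attrs:
        findings.append("missing Secure: token can be sent over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("no explicit SameSite=Lax/Strict: cross-site request "
                        "protection depends on browser defaults")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        print(line, "->", audit_cookie(line) or "ok")
```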