Eccouncil Exam 312-96 Topic 1 Question 13 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 13
Topic #: 1

Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Suggested Answer: B

Contribute your Thoughts:

Bernadine
5 days ago
I dunno, you guys. I'm kind of leaning towards the Directory Traversal Attack option. I mean, think about it – if the HttpOnly flag isn't set, the attacker could potentially access sensitive files on the server. That just seems like the most logical answer to me.
upvoted 0 times
...
Hana
7 days ago
Wow, you all are really going for it, huh? I'm just sitting here wondering how Thomas even got this job in the first place. I mean, secure coding training? What is this, rocket science? *laughs* Anyway, I'm going with Client-Side Scripts Attack. Seems like the safest bet.
upvoted 0 times
...
Lashawnda
8 days ago
Hold up, I don't think any of you have it right. This sounds more like a Directory Traversal Attack to me. If the HttpOnly flag isn't set, the attacker could try to access sensitive files or directories on the server. That's way more likely than a SQL Injection or Denial-of-Service attack in this case.
upvoted 0 times
...
Zena
9 days ago
You guys are overthinking this! It's clearly a Denial-of-Service attack. I mean, if the HttpOnly flag isn't set correctly, that could leave the session cookies vulnerable, and a hacker could just bombard the server with requests until it crashes. Easy peasy.
upvoted 0 times
...
Gearldine
11 days ago
Hmm, I'm not so sure about that. I mean, a Client-Side Scripts Attack makes sense, but what if someone tries to do a SQL Injection Attack instead? The way the code is written, it could leave the application vulnerable to that kind of attack as well. Decisions, decisions...
upvoted 0 times
...
Lynette
12 days ago
Oh man, this question is really tricky. Thomas clearly doesn't have a clue about secure coding, and passing 'false' to setHttpOnly() is just asking for trouble. I'm guessing the right answer has to be a Client-Side Scripts Attack, since that's a common vulnerability when you don't set the HttpOnly flag properly.
upvoted 0 times
...
