Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCIH Topic 5 Question 21 Discussion

Actual exam question for GIAC's GCIH exam
Question #: 21
Topic #: 5
[All GCIH Questions]

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:

After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Helga at Jul 03, 2024, 08:58 PM

Limited Time Offer

25%

Off

Get Premium GCIH Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Jacinta
2 months ago
Haha, John's just saying 'Hi' to himself. I wonder if he's going to try and hack the Miss Atlanta website to win the pageant. That would be a plot twist!
upvoted 0 times
Jamie
19 days ago
D) XSS attack
upvoted 0 times
...
Carolann
22 days ago
C) Buffer overflow attack
upvoted 0 times
...
Allene
28 days ago
B) CSRF attack
upvoted 0 times
...
Hildegarde
1 months ago
A) Replay attack
upvoted 0 times
...
...
Domonique
2 months ago
Buffer overflow? I don't think that's what's happening here. This looks more like a simple XSS issue that John can probably exploit further.
upvoted 0 times
...
Anastacia
2 months ago
Hmm, I'm not so sure about that. The script execution alone doesn't necessarily indicate a CSRF vulnerability. John should dig deeper to identify the attack vector.
upvoted 0 times
...
Eugene
2 months ago
Ah, the classic XSS attack! That pop-up is a clear sign of a vulnerability in the website's input sanitization. John's got his work cut out for him.
upvoted 0 times
...
Sabine
2 months ago
I'm not sure about XSS attack, but I think CSRF attack could also be a possibility here. It's important to consider all options before making a final decision.
upvoted 0 times
...
Darnell
3 months ago
I agree with Curtis, XSS attack seems to be the most relevant in this scenario. It's a common vulnerability that allows attackers to execute malicious scripts on the victim's browser.
upvoted 0 times
...
Curtis
3 months ago
I think the answer is D) XSS attack because the script injected by John is a classic example of a cross-site scripting attack.
upvoted 0 times
...

Save Cancel