Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCIH Exam - Topic 5 Question 21 Discussion

Actual exam question for GIAC's GCIH exam
Question #: 21
Topic #: 5
[All GCIH Questions]

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:

After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Helga at Jul 03, 2024, 08:58 PM

Limited Time Offer

25%

Off

Get Premium GCIH Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Alona
6 months ago
I thought buffer overflow was more complex than this!
upvoted 0 times
...
Margarett
6 months ago
Replay attacks don't fit here, it's clearly XSS.
upvoted 0 times
...
Ryan
6 months ago
Wait, are we sure it's not a CSRF? Seems a bit off.
upvoted 0 times
...
Whitney
7 months ago
Totally agree, it's all about injecting scripts.
upvoted 0 times
...
Willetta
7 months ago
That's definitely an XSS attack!
upvoted 0 times
...
Iesha
7 months ago
I vaguely recall something about CSRF attacks, but they usually involve actions being performed without user consent. This feels more like XSS to me.
upvoted 0 times
...
Kaitlyn
7 months ago
This reminds me of a practice question we did on web vulnerabilities. I think the correct answer is D, XSS attack, but I could be wrong.
upvoted 0 times
...
Bette
8 months ago
I'm not entirely sure, but I think the alert box indicates that the script was executed in the browser, which might suggest an XSS vulnerability.
upvoted 0 times
...
Sabra
8 months ago
I remember studying about XSS attacks and how they can be executed through input fields. This seems like a classic example of that.
upvoted 0 times
...
Denna
8 months ago
I'm not entirely confident about this one. The script execution is a clue, but I want to make sure I'm not missing any other details that could indicate a different type of attack. I'll carefully read through the question again and consider all the options before selecting my answer.
upvoted 0 times
...
Fabiola
8 months ago
Okay, I've got this. The script execution in the search box points to a potential XSS vulnerability. I'll make sure to thoroughly test the website for other XSS flaws and document my findings. This is a great opportunity to showcase my penetration testing skills.
upvoted 0 times
...
Tonja
8 months ago
Hmm, I'm a bit confused. The question mentions a script being inserted, but I'm not sure if that's enough to determine the type of attack. I'll need to review my notes on different web application vulnerabilities to make sure I choose the right answer.
upvoted 0 times
...
Brynn
8 months ago
This looks like a classic XSS attack scenario. The script inserted in the search box triggered a pop-up, indicating the website is vulnerable to cross-site scripting. I'll focus on understanding the XSS attack vector and how to properly test for it.
upvoted 0 times
...
Joye
8 months ago
I'm a bit confused by this question. I don't recall discussing the specific variable env: composer_auth in our lectures. I'll have to make an educated guess here, but I'm not entirely confident in my answer.
upvoted 0 times
...
Art
8 months ago
This is a tricky one. The company has high-value individuals, which are intangible assets, but the question is asking about the net asset valuation method. I'll need to really analyze the options to figure out the best answer.
upvoted 0 times
...
Cecilia
8 months ago
Okay, I've got this. The key is understanding that cybersecurity governance involves both technical and managerial components. I'll carefully consider each option to find the one that best captures that.
upvoted 0 times
...
Valentine
8 months ago
Hmm, I'm a bit unsure about this one. I'll need to double-check the Android documentation to make sure I understand where the theme is set in the manifest file.
upvoted 0 times
...
Jacinta
1 year ago
Haha, John's just saying 'Hi' to himself. I wonder if he's going to try and hack the Miss Atlanta website to win the pageant. That would be a plot twist!
upvoted 0 times
Jamie
12 months ago
D) XSS attack
upvoted 0 times
...
Carolann
1 year ago
C) Buffer overflow attack
upvoted 0 times
...
Allene
1 year ago
B) CSRF attack
upvoted 0 times
...
Hildegarde
1 year ago
A) Replay attack
upvoted 0 times
...
...
Domonique
1 year ago
Buffer overflow? I don't think that's what's happening here. This looks more like a simple XSS issue that John can probably exploit further.
upvoted 0 times
...
Anastacia
1 year ago
Hmm, I'm not so sure about that. The script execution alone doesn't necessarily indicate a CSRF vulnerability. John should dig deeper to identify the attack vector.
upvoted 0 times
...
Eugene
1 year ago
Ah, the classic XSS attack! That pop-up is a clear sign of a vulnerability in the website's input sanitization. John's got his work cut out for him.
upvoted 0 times
...
Sabine
1 year ago
I'm not sure about XSS attack, but I think CSRF attack could also be a possibility here. It's important to consider all options before making a final decision.
upvoted 0 times
...
Darnell
1 year ago
I agree with Curtis, XSS attack seems to be the most relevant in this scenario. It's a common vulnerability that allows attackers to execute malicious scripts on the victim's browser.
upvoted 0 times
...
Curtis
1 year ago
I think the answer is D) XSS attack because the script injected by John is a classic example of a cross-site scripting attack.
upvoted 0 times
...

Save Cancel