During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server Given the following portion of the code:
Which of the following best describes this incident?
The provided code snippet shows a script that captures the user's cookies and sends them to a remote server. This type of attack is characteristic of Cross-Site Scripting (XSS), specifically stored XSS, where the malicious script is stored on the target server (e.g., in a database) and executed in the context of users who visit the infected web page.
A. XSRF (Cross-Site Request Forgery) attack: This involves tricking the user into performing actions on a different site without their knowledge but does not involve stealing cookies via script injection.
B. Command injection: This involves executing arbitrary commands on the host operating system, which is not relevant to the given JavaScript code.
C. Stored XSS: The provided code snippet matches the pattern of a stored XSS attack, where the script is injected into a web page, and when users visit the page, the script executes and sends theuser's cookies to the attacker's server.
D. SQL injection: This involves injecting malicious SQL queries into the database and is unrelated to the given JavaScript code.
[References:, CompTIA Security+ Study Guide, OWASP (Open Web Application SecurityProject) guidelines on XSS, "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto, , , , , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit