A company has hired a cybersecurity firm to assess web server security posture. To test for cross-site scripting vulnerabilities, the tester will use the string. Where would the tester use the string?
- in an HTTP header
- in an error message
- in a terminal window on the server
- in a user input field in a web form
Explanation: Cross-site scripting (XSS) vulnerabilities are achieved in different ways:
The example below shows an XSS test that can be performed from the address bar of a browser:
javascript:alert("Omar_s_XSS test"); javascript:alert(document.cookie);
The example below shows an XSS test that can be performed in a user input field in a web form:
Exam with this question: 6.13.3 Quiz - Performing Post-Exploitation Techniques Answers
Please login or Register to submit your answer