A cybercriminal takes advantage of application vulnerabilities and executes any command, on the target device, with the privileges of the user running the application. What type of attack does this scenario describe?

A cybercriminal takes advantage of application vulnerabilities and executes any command, on the target device, with the privileges of the user running the application. What type of attack does this scenario describe?

• remote code execution
• cross-site scripting
• SQL injection
• XML injection

Explanation: Remote code execution allows a cybercriminal to take advantage of application vulnerabilities to execute any command with the privileges of the user running the application on the target device. Cross-site scripting occurs when the victim accesses a web page and malicious scripts are unknowingly passed to their browser. An XML injection attack can corrupt the data on the XML database and threaten the security of the website. SQL injection is an attack on websites or any SQL database accomplished by inserting a malicious SQL statement in an entry field.

Exam with this question: 2.5.13 Check Your Understanding – Application Attacks