Q: 7
Refer to the exhibit.
Which kind of attack method is depicted in this string?
Which kind of attack method is depicted in this string?Options
Discussion
Option A since official study materials and practice exams both flag javascript: in IMG tags as cross-site scripting.
Not B, A. The string uses an <IMG SRC=javascript:...> tag, which is textbook cross-site scripting (XSS), not SQL injection or MITM. B is a bit of a trap here since the code looks odd at first glance, but it's about browser code execution, not interception or DB queries. Pretty sure A is right, open to more input if I missed something.
Seen this style before in some exam reports, went with A.
C/A? Saw similar on exam report, went with A since it's classic XSS pattern.
Always get tripped up on these, C or A
Not sure how anyone gets B or D here, that image string is textbook XSS not SQL injection.
A
A is right here. Official exam guide and practice tests both emphasize XSS when you see a
javascript: in tags. Let me know if someone saw a different pattern, but pretty sure it’s A.A
Nah, I don’t think it’s C. That string looks like classic cross-site scripting (so A) since nothing SQL related shows up.
Be respectful. No spam.
