CompTIA PenTest+ (PT0-003) — Question 203
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?
Answer options
- A. SQL injection
- B. SSRF
- C. XSS
- D. Server-side template injection
Correct answer: C
Explanation
The correct answer is C, XSS (Cross-Site Scripting), because the attack injects JavaScript into a web application and that script executes in the user's browser. The other options, SQL injection, SSRF (Server-Side Request Forgery), and server-side template injection, are different vulnerabilities that do not involve executing scripts in the user's browser context.