CompTIA PenTest+ (PT0-003) — Question 205

During a security assessment of an e-commerce website, a penetration tester wants to exploit a vulnerability in the web server’s input validation that will allow unauthorized transactions on behalf of the user. Which of the following techniques would most likely be used for that purpose?

Answer options

• A. Privilege escalation
• B. DOM injection
• C. Session hijacking
• D. Cross-site scripting

Correct answer: C

Explanation

Session hijacking is the correct answer because it involves taking over a user's session to perform actions on their behalf, which aligns with executing unauthorized transactions. Privilege escalation refers to gaining higher access rights, while DOM injection and Cross-site scripting are more about injecting code rather than directly exploiting session vulnerabilities.