CompTIA Security+ (SY0-501) — Question 947

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account.
This is an example of which of the following attacks?

Answer options

• A. SQL injection
• B. Header manipulation
• C. Cross-site scripting
• D. Flash cookie exploitation

Correct answer: C

Explanation

The correct answer is C, as Cross-site scripting allows attackers to inject malicious scripts into web pages viewed by users, which can lead to unauthorized access to sensitive information like bank accounts. Options A, B, and D do not directly involve injecting scripts into web pages to manipulate user sessions for financial fraud.