Certified SOC Analyst (CSA) — Question 30

An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company’s URL as follows: http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.

Answer options

• A. Cross-site Scripting Attack
• B. SQL Injection Attack
• C. Denial-of-Service Attack
• D. Session Attack

Correct answer: D

Explanation

The correct answer is D, as the scenario describes an attempt to manipulate user sessions through injected JavaScript, which is indicative of session attacks. Options A and B refer to different attack types that do not involve session manipulation, while C describes an attack aimed at disrupting service rather than exploiting session vulnerabilities.