Computer Hacking Forensic Investigator (CHFI v10) — Question 376

James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login page and notes down the session ID that is created. He appends this session ID to the login URL and shares the link with a victim. Once the victim logs into the website using the shared URL, James reloads the webpage (containing the URL with the session ID appended) and now, he can browse the active session of the victim. Which attack did James successfully execute?

Answer options

• A. Cross Site Request Forgery
• B. Cookie Tampering
• C. Parameter Tampering
• D. Session Fixation Attack

Correct answer: D

Explanation

James executed a Session Fixation Attack because he manipulated the session ID to gain access to the victim's active session. In this attack, the attacker sets a session ID and tricks the victim into using it, allowing the attacker to hijack the session. The other options do not correctly describe the method used by James in this scenario.