Computer Hacking Forensic Investigator (CHFI v10) — Question 602
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test."
What is the result of this test?
Answer options
- A. Your website is vulnerable to CSS
- B. Your website is not vulnerable
- C. Your website is vulnerable to SQL injection
- D. Your website is vulnerable to web bugs
Correct answer: A
Explanation
The correct answer is A because receiving a pop-up indicating 'This is a test' suggests that the website is processing the input in an unexpected manner, which may indicate a cross-site scripting (XSS) vulnerability. Option B is incorrect as the presence of the pop-up indicates a potential security issue. Option C incorrectly suggests SQL injection, which is not directly indicated by this test, and D refers to web bugs that are unrelated to the vulnerability being tested.