Certified Ethical Hacker (CEH) — Question 68

While performing online banking using a web browser, Kyle receives an email that contains an image of a well-crafted piece of art. Upon clicking the image, a new tab in the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle notices that all the funds in his bank account are gone. Which web browser-based security vulnerability was exploited by the hacker?

Answer options

Correct answer: C

Explanation

The correct answer is Cross-Site Request Forgery (CSRF), where the hacker tricks the user into executing unwanted actions on a web application in which they're authenticated. In this scenario, Kyle was in an online banking session when he clicked the image, so the action it triggered was carried out as him. Clickjacking involves tricking users into clicking on something different from what they perceive, while Web Form Input Validation refers to validating user input to prevent attacks. Cross-Site Scripting (XSS) involves injecting malicious scripts into web pages, which is not the primary issue in this scenario.