Certified Ethical Hacker (CEH v10) — Question 104
Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content or UPL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
Answer options
- A. Session Fixation
- B. HTML Injection
- C. HTTP Parameter Pollution
- D. Clickjacking Attack
Correct answer: D
Explanation
The correct answer is 'Clickjacking Attack' because this type of attack involves tricking a user into clicking on an element that is concealed by an overlay, leading them to interact with unintended content. The other options, such as Session Fixation, HTML Injection, and HTTP Parameter Pollution, refer to different types of vulnerabilities and attacks that do not involve deceptive clicks on overlays.