Certified Ethical Hacker (CEH v10) — Question 174

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Answer options

Correct answer: A

Explanation

The correct answer is Cross-Site Request Forgery (CSRF), which exploits the trust that a website has in a user's browser. The other options do not apply: SQL Injection focuses on database manipulation, Browser Hacking is a vague term, and Cross-Site Scripting (XSS) involves injecting scripts into web pages rather than altering profile information directly.