Certified Ethical Hacker (CEH v10) — Question 76

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

Answer options

• A. Cross-site request forgery
• B. Cross-site scripting
• C. Session hijacking
• D. Server side request forgery

Correct answer: A

Explanation

The correct answer is A, Cross-site request forgery, as it specifically involves tricking the user's browser into making an unwanted request using their credentials. Option B, Cross-site scripting, involves injecting malicious scripts into webpages, while C, Session hijacking, refers to taking over a user's active session. D, Server side request forgery, pertains to manipulating server requests, but not directly involving the user's browser in the same manner.