Certified Ethical Hacker (CEH v11) — Question 112
Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the 'Do you want to make
$1000 in a day?' URL but actually he/she clicks on the content or URL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
Answer options
- A. Session Fixation
- B. HTML Injection
- C. HTTP Parameter Pollution
- D. Clickjacking Attack
Correct answer: D
Explanation
The correct answer is D, Clickjacking Attack, as it specifically refers to the technique of tricking a user into clicking on something different from what they perceive. The other options, such as Session Fixation, HTML Injection, and HTTP Parameter Pollution, involve different types of vulnerabilities and attacks that do not accurately describe the scenario presented.