Certified Ethical Hacker (CEH v11) — Question 263

What type of vulnerability/attack is it when a malicious person forces the user's browser to send an authenticated request to a server?

Answer options

Correct answer: C

Explanation

The correct answer is C, cross-site request forgery (CSRF), which occurs when an attacker tricks a user into executing unwanted actions on a different site where they are authenticated. Session hijacking (A) involves taking over a user's active session, while server-side request forgery (B) refers to causing a server to make unauthorized requests. Cross-site scripting (D) involves injecting malicious scripts into web pages, which is a different type of attack.