Certified Ethical Hacker (CEH v12) — Question 236
During a penetration test, an ethical hacker is exploring the security of a complex web application. The application relies heavily on JavaScript for client-side input sanitization, apparently assuming that this alone is adequate to prevent injection attacks. During the investigation, the ethical hacker also notices that the application uses cookies to manage user sessions but does not set the HttpOnly flag, leaving the session cookies readable by client-side scripts. Given these identified vulnerabilities, what would be the most effective strategy for the ethical hacker to exploit this application?
Answer options
- A. Instigate a Distributed Denial of Service (DDoS) attack to overload the server, capitalizing on potential weak server-side security.
- B. Implement an SQL Injection attack to take advantage of potential unvalidated input and gain unauthorized database access.
- C. Employ a brute-force attack to decipher user credentials, considering the lack of server-side validation.
- D. Launch a Cross-Site Scripting (XSS) attack, aiming to bypass the client-side sanitization and exploit the exposure of session cookies.
Correct answer: D
Explanation
The correct answer is D because a Cross-Site Scripting (XSS) attack directly targets both identified weaknesses: client-side sanitization runs in code the user's browser controls, so it cannot be relied on to stop injected script, and without the HttpOnly flag an injected script can read the session cookie, exposing sensitive session information. Options A, B, and C do not directly exploit the identified vulnerabilities related to JavaScript sanitization and cookie exposure, making them less effective in this context.