GIAC Certified Incident Handler (GCIH) — Question 72
A victim browses to a news aggregator website through a link sent to them by an attacker. The attacker then alters the page delivered to the victim's browser and includes malicious links. What flaw on the news aggregator website allowed this attack to happen?
Answer options
- A. SQL Injection
- B. Reflected XSS
- C. Cross-Site Request Forgery
- D. Buffer Overflow
Correct answer: C
Explanation
The correct answer is C, Cross-Site Request Forgery, as it enables an attacker to trick the victim into executing unwanted actions on a web application where they are authenticated. Options A (SQL Injection), B (Reflected XSS), and D (Buffer Overflow) do not directly relate to the scenario of altering content delivered to the user's browser in this context.