Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. (Choose all that apply.)

Question

Which of the following can be used to perform session hijacking? Each correct answer represents a complete solution. (Choose all that apply.)

Accepted Answer

Correct answer: A, B, D. A. Cross-site scripting — B. Session fixation — D. Session sidejacking — The correct answers are A, B, and D because they are all techniques that exploit session management vulnerabilities. Cross-site scripting (A) can inject malicious scripts to steal session cookies, session fixation (B) forces a user's session to adopt a predetermined ID, and session sidejacking (D) captures session tokens over unsecured networks. ARP spoofing (C), while a network attack, does not directly relate to session hijacking.

GIAC Certified Incident Handler (GCIH) — Question 91

Answer options

Correct answer: A, B, D

Explanation