GIAC Penetration Tester (GPEN) — Question 75
How can web server logs be leveraged to perform Cross-Site Scripting (XSS)?
Answer options
- A. Web logs containing XSS may execute shell scripts when opened in a GUI text browser.
- B. XSS attacks cause web logs to become unreadable and therefore are an effective DoS attack.
- C. If web logs are viewed in a web-based console, log entries containing XSS may execute on the browser.
- D. When web logs are viewed in a terminal, XSS can escape to the shell and execute commands.
Correct answer: C
Explanation
The correct answer is C because viewing web logs in a web-based console can lead to the execution of XSS payloads directly in the browser. Option A is incorrect because GUI text browsers do not execute scripts. Option B is not valid, as XSS does not necessarily make logs unreadable. Option D mentions terminal access, but it does not accurately reflect how XSS operates in a web context.