XSS Attacks Flashcards
What are the 3 main types of XSS attacks?
Reflected XSS
Stored XSS
DOM-based XSS
What is Cross-Site Scripting (XSS)?
A) A method of intercepting network traffic between a client and server.
B) An attack where malicious scripts are injected into web pages viewed by other users.
C) A technique to exploit vulnerabilities in the server’s operating system.
D) A process of encrypting sensitive data transmitted over the internet.
B) An attack where malicious scripts are injected into web pages viewed by other users.
What is a common vector used to execute a cross-site scripting (XSS) attack?
A) SQL injection
B) Buffer overflow
C) Input validation
D) Injection of malicious scripts into web pages
D) Injection of malicious scripts into web pages
Which type of XSS attack involves injecting malicious scripts directly into the HTML markup of a web page?
A) Stored XSS
B) Reflected XSS
C) DOM-based XSS
D) Persistent XSS
A) Stored XSS
In a reflected XSS attack, where does the injected malicious script originate from?
A) The attacker’s server
B) A vulnerable web application
C) The victim’s browser
D) An email attachment
C) The victim’s browser
Which HTTP header can help mitigate the risk of XSS attacks by instructing the browser to restrict how content is loaded and executed?
A) Content-Encoding
B) Access-Control-Allow-Origin
C) Content-Security-Policy
D) Cross-Origin-Resource-Policy
C) Content-Security-Policy
What is a common impact of successful XSS attacks?
A) Unauthorized access to databases
B) Execution of arbitrary code on the victim’s browser
C) Overloading the server with excessive requests
D) Manipulation of server-side files
B) Execution of arbitrary code on the victim’s browser
Which of the following is an example of a DOM-based XSS attack?
A) Injecting a malicious script into a search field that gets reflected back in the search results.
B) Inserting a malicious script into a comment section of a blog post.
C) Modifying the content of an HTML page using JavaScript to execute arbitrary code.
D) Intercepting and altering HTTP requests and responses to inject malicious scripts.
C) Modifying the content of an HTML page using JavaScript to execute arbitrary code.
What is a potential consequence of an XSS attack?
A) Corrupting system files on the server.
B) Stealing sensitive user information such as login credentials.
C) Slowing down network performance by flooding it with traffic.
D) Triggering a denial-of-service (DoS) attack on the web server.
B) Stealing sensitive user information such as login credentials.
How can developers prevent XSS vulnerabilities in their web applications?
A) Implementing strict input validation and output encoding.
B) Disabling JavaScript execution in the browser.
C) Using weak encryption algorithms to obfuscate sensitive data.
D) Allowing users to input HTML tags freely without validation.
A) Implementing strict input validation and output encoding.
Which type of XSS attack occurs when user input is stored on the server and then displayed to other users without proper validation?
A) Reflected XSS
B) Stored XSS
C) DOM-based XSS
D) Cross-Site Request Forgery (CSRF)
B) Stored XSS
What is the purpose of a SameSite cookie attribute in mitigating XSS attacks?
A) It prevents cookies from being sent in cross-origin requests.
B) It encrypts sensitive data before storing it in cookies.
C) It restricts access to cookies based on the user’s IP address.
D) It limits the scope of cookies to same-origin requests, reducing the risk of XSS attacks.
D) It limits the scope of cookies to same-origin requests, reducing the risk of XSS attacks.
Which type of XSS attack allows an attacker to execute malicious scripts stored on a web server?
A) Reflected XSS
B) Stored XSS
C) DOM-based XSS
D) Server-side XSS
B) Stored XSS
How does Reflected XSS differ from Stored XSS?
A) Reflected XSS exploits vulnerabilities in the server’s configuration, while Stored XSS exploits input validation flaws in web forms.
B) Reflected XSS injects malicious scripts directly into web pages, while Stored XSS stores scripts on the server for later execution.
C) Reflected XSS requires user interaction to execute, while Stored XSS executes automatically when the victim visits a compromised web page.
D) Reflected XSS targets client-side scripts, while Stored XSS targets server-side scripts.
C) Reflected XSS requires user interaction to execute, while Stored XSS executes automatically when the victim visits a compromised web page.
Which of the following scenarios is an example of a DOM-based XSS attack?
A) An attacker injects a malicious script into a web form, which is then stored in the application’s database and executed when viewed by other users.
B) An attacker exploits a vulnerability in a web server to inject malicious scripts into web pages, compromising the security of visitors.
C) An attacker manipulates the Document Object Model (DOM) of a web page to execute malicious scripts in the victim’s browser.
D) An attacker sends a link containing malicious code to a victim, tricking them into clicking it and executing the script.
C) An attacker manipulates the Document Object Model (DOM) of a web page to execute malicious scripts in the victim’s browser.