Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What encoded URL method can help an attacker perform an XSS attack?

  1. http://www.bank.com/accounts.php?id=1+uni%0bon+se%0blect+1,2,3--

  2. http://www.bank.com/accounts.php?id=2+UNION+ALL+SELECT

  3. http://www.bank.com/accounts.php?id=3;DROP TABLE

  4. http://www.bank.com/accounts.php?id=1%20OR%201=1

The correct answer is: http://www.bank.com/accounts.php?id=1+uni%0bon+se%0blect+1,2,3--

The first choice is the one that relies on URL encoding to obfuscate the payload. Although the question is framed as XSS, all four strings are SQL injection attempts against the id parameter; what sets the first one apart is its use of encoded control characters. "%0b" is the URL encoding of the vertical tab (byte 0x0B; a line feed would be %0A). Inserting it in the middle of the keywords ("uni%0bon", "se%0blect") splits them so that an input filter or signature that matches on "union" and "select" in the raw or once-decoded value does not see them, while an application that strips non-printable characters before building the query ends up executing UNION SELECT 1,2,3, with the trailing "--" commenting out the rest of the original statement. Recognizing the structure of the payload, the attacker's goal is to manipulate the application's database query so that it returns data or performs actions it should not. The lesson for an incident handler is that keyword matching on un-normalized input is not a defense: a filter must canonicalize the value (decode it, strip control characters, normalize case and whitespace) before matching, and the real fix is to pass the parameter through a parameterized query rather than string concatenation. The other options are plain SQL injection payloads (a UNION ALL SELECT, a stacked DROP TABLE, and an "OR 1=1" tautology in which %20 is nothing more than an encoded space) that use no such obfuscation, which is
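As an added example, not part of the quiz page, the following Python shows why choice 1 slips past a naive keyword blacklist while the other three are caught, how canonicalizing the input before matching closes that gap, and why a parameterized query makes the filter unnecessary in the first place. The keyword list, the in-memory SQLite table, and a hypothetical back end that strips control characters before concatenating the value into its query are all assumptions made for the demonstration.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# The four answer choices from the quiz question, keyed by option number.
CHOICES = {
    1: "http://www.bank.com/accounts.php?id=1+uni%0bon+se%0blect+1,2,3--",
    2: "http://www.bank.com/accounts.php?id=2+UNION+ALL+SELECT",
    3: "http://www.bank.com/accounts.php?id=3;DROP TABLE",
    4: "http://www.bank.com/accounts.php?id=1%20OR%201=1",
}

# Keywords a naive blacklist might look for (assumed list, not from the page).
SQL_KEYWORDS = ("union", "select", "drop", " or ")
# ASCII control characters, including the vertical tab (0x0B) used in choice 1.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def id_param(url):
    """Raw, still-encoded value of the id query parameter."""
    return url.split("id=", 1)[1]


def decode(raw):
    """One round of URL decoding with '+' as space, as a PHP-style $_GET sees it."""
    return unquote_plus(raw)


def naive_filter_blocks(raw):
    """Blacklist that decodes once and looks for keywords.
    'uni\\x0bon' does not contain 'union', so choice 1 passes this check."""
    return any(k in decode(raw).lower() for k in SQL_KEYWORDS)


def canonicalize(raw):
    """Decode, drop control characters, collapse whitespace, lowercase.
    Matching on this form sees the same text the (assumed) back end sees
    after it strips control characters from the value."""
    text = CONTROL_CHARS.sub("", decode(raw))
    return re.sub(r"\s+", " ", text).lower()


def hardened_filter_blocks(raw):
    """Same blacklist, applied to the canonicalized value instead."""
    return any(k in canonicalize(raw) for k in SQL_KEYWORDS)


def _demo_db():
    """Constructed in-memory table standing in for the bank's accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 500), (2, "bob", 75)])
    return conn


def vulnerable_lookup(raw):
    """Hypothetical back end: strips control characters (so the database never
    sees the 0x0B bytes) and concatenates the value straight into the SQL."""
    conn = _demo_db()
    value = CONTROL_CHARS.sub("", decode(raw))
    rows = conn.execute(
        f"SELECT id, owner, balance FROM accounts WHERE id={value}").fetchall()
    conn.close()
    return rows


def safe_lookup(raw):
    """Parameterized query: the whole value is bound as one literal, so the
    injected UNION SELECT is just a string that matches no integer id."""
    conn = _demo_db()
    rows = conn.execute("SELECT id, owner, balance FROM accounts WHERE id=?",
                        (decode(raw),)).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    for n, url in CHOICES.items():
        raw = id_param(url)
        print(n, repr(decode(raw)), "naive:", naive_filter_blocks(raw),
              "hardened:", hardened_filter_blocks(raw))
    print("vulnerable:", vulnerable_lookup(id_param(CHOICES[1])))
    print("parameterized:", safe_lookup(id_param(CHOICES[1])))
```

Running it shows choice 1 passing the naive filter and then returning the injected row (1, 2, 3) alongside a real account from the concatenated query, while the parameterized lookup returns nothing for the same input and still finds the account for a plain "1".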