During a penetration test, you notice that a web application accepts user input and displays it directly in the browser without sanitization. Which attack is most likely to succeed?
- A. SQL Injection
- B. Cross-Site Request Forgery (CSRF)
- C. Cross-Site Scripting (XSS)
- D. Command Injection

Correct answer: C. Reflected XSS is the direct result of unsanitized input displayed in the browser.

Why the other options are wrong:
- A (SQL Injection): SQL injection targets database queries, not browser output.
- B (CSRF): CSRF exploits user authentication to perform unauthorized actions.
- D (Command Injection): Command injection targets server-side command execution.