SQL injection vulnerability could be used to launch reflective cross site scripting attack.

Question

BlackTom AI · Accepted Answer

Consider the relationship between SQL injection (SQLi) and cross-site scripting (XSS). 
Option 1: True. In practice, SQLi can be a pathway that enables XSS attacks, including reflective XSS, under certain conditions. If an attacker exploits SQLi to retrieve or insert data that contains a malicious script, and that data is then reflected into a web page or echoed back in a response without proper sanitization, the script can execute in the victim's browser. In other words, SQLi can enable conditions where user-supplied data is injected into output that the server renders, which is a core mechanism for reflective XSS. The key idea is that the vulnerability chain (input → server-side processing → output) can include both SQLi and XSS in combination, making it plausible that SQLi could be used to facilitate reflective XSS 
Option 2: False. This statement is too absolute and overlooks possibilities. While SQLi can help enable XSS in some scenarios, it is not the only path to XSS, and not every SQLi exploitation results in reflective XSS. Some SQLi exploits may not involve outputting attacker-controlled content in a way that is reflected immediately, or the server may properly sanitize/neutralize the data before rendering, preventing XSS. Therefore, asserting that SQL injection vulnerability could be used to launch reflective XSS in all cases is an overgeneralization.

202580-ITIS-4221-001:ITIS-5221-001-XLSDO202580_Combined Midterm Exam Practice

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

查看解析

登录即可查看完整答案

类似问题

An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

Attackers may perform reconnaissance on your website by changing parameters using a man-in-the-middle proxy.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

Content Security Policy (CSP) is enforced by

Which of the following is NOT a web security attack?

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

更多留学生实用工具

考试浏览器助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单