GIAC Foundational Cybersecurity Technologies Practice Test

Which of the following is a common result of a reflected cross-site scripting attack?

• A. Tricking a user into making an authenticated transaction
• B. Sending a website user's session cookie to an attacker
• C. Embedding the attacker's malware in web application source code
• D. Stealing password hashes from a website's back end database

The correct answer is: Sending a website user's session cookie to an attacker

A reflected cross-site scripting (XSS) attack involves an attacker injecting malicious script code into a website, which is then reflected back to the user's browser. This typically occurs through user input fields that are improperly validated. When a victim clicks on a crafted link containing the malicious script, their browser executes it as if it were legitimate content from the website. The common result of this type of attack is that the script can access sensitive information about the user, such as session cookies. These cookies are essential for maintaining the user's session and identifying them to the server. If an attacker manages to capture a session cookie, they could impersonate the user, gaining unauthorized access to their accounts and sensitive information. This makes the option of sending a website user's session cookie to an attacker particularly relevant in the context of a reflected XSS attack. Other possible outcomes, while serious, do not directly relate to the typical mechanics of a reflected XSS. For instance, tricking a user into making an authenticated transaction often occurs in other types of attacks, like phishing, rather than being a direct consequence of reflected XSS itself. Embedding malware in web application source code is more aligned with stored XSS attacks, where the malicious code is permanently stored on the server. Finally,