Question

    Which of the following is a characteristic of Cross-Site

    Request Forgery (CSRF) attacks?
    A It relies on browser vulnerabilities to steal session cookies. Correct Answer Incorrect Answer
    B It requires the victim to be authenticated on the target site. Correct Answer Incorrect Answer
    C It exploits input fields to execute unauthorized SQL commands Correct Answer Incorrect Answer
    D It floods servers with malicious traffic to cause downtime Correct Answer Incorrect Answer
    E It injects malicious scripts into user input fields. Correct Answer Incorrect Answer

    Solution

    Cross-Site Request Forgery (CSRF) exploits the trust a website has in a user’s browser. An attacker tricks an authenticated user into performing unintended actions, such as transferring money or changing account details, without their consent. For instance, a malicious email link might force a logged-in bank user to transfer money to the attacker’s account.

    1. Key Condition: The victim must be logged in, as CSRF exploits authenticated sessions.
    2. Impact: CSRF can lead to unauthorized transactions, changes in user settings, and other unintended operations.
    3. Prevention: Developers can use anti-CSRF tokens, verify the HTTP Referrer header, and require user re-authentication for sensitive actions.
    Why Other Options Are Incorrect:
    • Browser vulnerabilities: CSRF exploits user actions and session trust, not browser vulnerabilities.
    • SQL commands: This describes SQL Injection, not CSRF.
    • Flooding servers: This characterizes DDoS attacks, unrelated to session misuse.
    • Script injection: Script injection is XSS, not CSRF.

    Practice Next
    More Basics of Computers Questions
    ask-question