Certified Ethical Hacker v11 312-50v11 – Question300

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.

<iframe src=""http://wm.vulnweb.com/updateif.php"" style=""display:none"">
</iframe >

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A.
Browser Hacking
B. Cross-Site Scripting
C. SQL Injection
D. Cross-Site Request Forgery

Correct Answer: D