Question

Which of the following is a major difference between XSS attacks and remote code exploits?

- XSS attacks use machine language, while remote exploits use interpreted language
- XSS attacks targets servers, while remote code exploits targets clients
- Remote code exploits aim to escalate attackers’ privileges, while XSS attacks aim to gain access only
- Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work.

Answer 1

Option (c) Remote code exploits aim to escalate attackers’ privileges, while XSS attacks aim to gain access only

Step-by-step explanation:

• XSS stands for Cross-site Scripting. In this types of attacks, a malicious code is injected in the trusted web sites and it sends the malicious code into the users. The users think that the genuine code was sent but not.
• This involves sending server side scripts which are executed by the user and these may even change the html pages too.
• Remote code exploitation means the user can inject the code and try to gain access. Usually, all the programming languages have evaluation functions if used the user can try to gain the access with this evaluation functions.
• This can lead to the compromise of the whole web server too.So, it is not a good practice to use the evaluation functions by the developers.
• In this type of attack, the attacker tries to inject the code remotely.
• Option (c) is correct and options (a),(b) and (d) are wrong options.