🔥 3-day streak
CompTIA PenTest+ (PT0-003)124 / 175
Question 124 of 175
During a web application assessment, you discover that a comment field on a product review page reflects unsanitized input that persists and executes for every visitor who loads the page. Your goal is to demonstrate impact by capturing authenticated user session tokens. However, testing reveals that the application sets its session cookie with the HttpOnly flag. Which technique should you use to still demonstrate meaningful session-related impact from this stored XSS?
Reviewed for accuracy · Report an issueNext question