🔥 3-day streak
CompTIA PenTest+ (PT0-003)133 / 175
Question 133 of 175
During a web application assessment, a tester notices that the application reflects the value of the X-Forwarded-Host header into an absolute URL used to load a JavaScript file, and that responses are served through a CDN. The tester crafts a request with a malicious X-Forwarded-Host value and observes that subsequent requests from other clients (without the malicious header) receive the poisoned response containing the attacker-controlled script source. Which attack has the tester successfully demonstrated?
Reviewed for accuracy · Report an issueNext question