Which attack involves exploiting an application integrated with vulnerable web services to inject a malicious script that discloses and modifies data?

• A. Web Service Attack
• B. Cookie Snooping
• C. Parameter/Form Tampering
• D. Insufficient Transport Layer Protection

Answer: (A)

Exploiting an application that uses vulnerable web services to inject a malicious script is a web service attack. This type of attack targets the interface that communicates with web services (like SOAP or REST) and leverages weak input handling, insecure deserialization, or improper service design to push in and execute harmful scripts. When such a script runs, it can access sensitive data exposed by the service and can alter data or the service’s behavior, effectively disclosing information and modifying records through the compromised web service flow. This focuses on abusing the web service integration itself to inject code, rather than merely stealing cookies, tampering form data in requests, or protecting data in transit.