What type of attack involves exploiting a vulnerability to gain root privileges on a web server?

The type of attack that involves exploiting a vulnerability to gain root privileges on a web server is privilege escalation. This occurs when an attacker takes advantage of a flaw or weakness in the system to gain higher access levels than initially intended. For instance, if an application has a vulnerability that allows a regular user to execute commands with root privileges, the attacker can escalate their position within the system, potentially leading to significant damage, theft of sensitive data, or loss of control over the server.

In contrast, SQL injection refers to a technique used to exploit vulnerabilities in a web application's database by inserting malicious SQL queries. Cross-site scripting involves injecting malicious scripts into web pages viewed by other users, allowing the attacker to perform actions on behalf of those users within their browsers. Session hijacking is a method in which an attacker takes over a user session by stealing the session token, leading to unauthorized access to the user's account but not necessarily resulting in root privileges.

Privilege escalation specifically targets gaining elevated permissions, making it distinct from the other options which address different types of vulnerabilities and attack methodologies.