hiexam
eccouncil · 312-50v11 · Q427 · multiple_choice · topic_1

While using your bank's online servicing, you notice the following string in the URL bar: `http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21` You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflects the changes. Which type of vulnerability is present on this site?
  • A. Cookie Tampering
  • B. SQL Injection
  • C. Web Parameter Tampering
  • D. XSS Reflection
Explanation
The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.
References: https://www.owasp.org/index.php/Web_Parameter_Tampering

Reference: examtopics_top_comment
