Eccouncil Exam 312-50v11 Topic 7 Question 21 Discussion

Actual exam question for Eccouncil's 312-50v11 exam

Question #: 21
Topic #: 7

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A''GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com''

B''GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com''

C''GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com''

D''GET /restricted/ HTTP/1.1 Host: westbank.com

Show Suggested Answer

Suggested Answer: C

by Quentin at May 05, 2022, 02:12 PM

Limited Time Offer

25%

Off

Get Premium 312-50v11 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!