ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 101 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 101
Topic #: 1
[All 312-50v11 Questions]

While using your bank's online servicing you notice the following string in the URL bar:
`http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21`
You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes.
Which type of vulnerability is present on this site?

  • A. Cookie Tampering
  • B. SQL Injection
  • C. Web Parameter Tampering
  • D. XSS Reflection
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by americaman80 at April 15, 2021, 2:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
americaman80
Highly Voted 2 years, 2 months ago
Explanation/Reference: The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. References: https://www.owasp.org/index.php/Web_Parameter_Tampering
upvoted 15 times
...
calin2020
Highly Voted 1 year, 11 months ago
Admins, please fix characters
upvoted 6 times
Scryptic
1 year, 10 months ago
If each person emailed the admins directly with examples of these unicode chars, maybe they would purge them for the question database. You can google these lines with the unicode and find out all the sites that are using the exact same questions. Obviously, ET has copied this from some other site who may have inserted them as a form of Watermarking to protect their IP. Email them everyone!
upvoted 4 times
...
...
Daniel8660
Most Recent 8 months, 3 weeks ago
Selected Answer: C
Web Application Threats OWASP Top 10 Application Security Risks Security Misconfiguration - Parameter/Form Tampering A web parameter tampering attack involves the manipulation of parameters exchanged between the client and the server to modify application data such as user credentials and permissions. This information is actually stored in cookies, hidden form fields, or URL query strings. (P.1770/1754)
upvoted 2 times
...
noblethic
1 year ago
Selected Answer: C
Web parameter tampering.
upvoted 1 times
...
ANDRESCB1988
1 year, 11 months ago
correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel