Exam 312-39 topic 1 question 63 discussion

Actual exam question from ECCouncil's 312-39

Question #: 63
Topic #: 1

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.

A. Denial-of-Service Attack
B. SQL Injection Attack
C. Parameter Tampering Attack
D. Session Fixation Attack

Show Suggested Answer

Suggested Answer: C 🗳️

by Teodorus1 at Jan. 22, 2023, 5:06 p.m.

Comments

Submit Cancel

Berro_b

1 month, 4 weeks ago

Selected Answer: C

C- Parameter tampering attack involves the manipulation of parameters exchanged between server and client to modify the application data, such as price and quantity of products, permissions, and user credentials. p.120

upvoted 1 times

...

Man_San

1 year ago

Selected Answer: C

the right answer is C

upvoted 3 times

...

SchFiftySchFive

1 year, 4 months ago

I agree the correct answer is C. The attacker is changing parameters in the URL to change the price of an item. None of the details indicate a session fixation attack.

upvoted 2 times

...

Teodorus1

1 year, 5 months ago

Correct answer - C.

upvoted 4 times

...