EC-Council
312-50V10 · Question #1
312-50V10 Question #1: Real Exam Question with Answer & Explanation
Question
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned. Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
Options
- A: GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1 Host: westbank.com
- B: GET /restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com
- C: GET /restricted/bank.getaccount(`Ned') HTTP/1.1 Host: westbank.com
- D: GET /restricted/\r\n%00account%00Ned%00access HTTP/1.1 Host: westbank.com