312-50V13 · Question #53
While using your bank's online servicing you notice the following string in the URL bar: 1" You observe that if you modify the Damount & Camount values and submit the request, that data on the web pag
The correct answer is C. Web Parameter Tampering. The ability to modify values in the URL parameters and have those changes reflected on the webpage indicates a Web Parameter Tampering vulnerability.
Question
Options
- ACookie Tampering
- BSQL Injection
- CWeb Parameter Tampering
- DXSS Reflection
How the community answered
(41 responses)- A20% (8)
- B10% (4)
- C66% (27)
- D5% (2)
Why each option
The ability to modify values in the URL parameters and have those changes reflected on the webpage indicates a Web Parameter Tampering vulnerability.
Cookie tampering involves modifying data stored in HTTP cookies, not directly in URL parameters.
SQL Injection involves injecting malicious SQL queries into input fields to manipulate database queries, which is distinct from simply modifying URL parameters for displayed values.
Web Parameter Tampering occurs when an attacker modifies parameters exchanged between a client and server (often in the URL query string, form fields, or HTTP headers) to alter application logic or data, such as changing transaction amounts. In this case, altering `Damount` and `Camount` in the URL directly affects the displayed data, indicating the application processes these modified parameters without proper validation.
XSS Reflection involves injecting client-side scripts (like JavaScript) into a web page that is then reflected back to the user, typically leading to script execution in the user's browser, not merely changing data values by altering URL parameters.
Concept tested: Web Parameter Tampering vulnerability
Source: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_Parameter_Tampering
Topics
Community Discussion
No community discussion yet for this question.