nerdexam
EC-Council

312-50V13 · Question #53

While using your bank's online servicing you notice the following string in the URL bar: 1" You observe that if you modify the Damount & Camount values and submit the request, that data on the web pag

The correct answer is C. Web Parameter Tampering. The ability to modify values in the URL parameters and have those changes reflected on the webpage indicates a Web Parameter Tampering vulnerability.

Submitted by andreas_gr· Mar 6, 2026Hacking Web Applications

Question

While using your bank's online servicing you notice the following string in the URL bar: 1" You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes. Which type of vulnerability is present on this site?

Options

  • ACookie Tampering
  • BSQL Injection
  • CWeb Parameter Tampering
  • DXSS Reflection

How the community answered

(41 responses)
  • A
    20% (8)
  • B
    10% (4)
  • C
    66% (27)
  • D
    5% (2)

Why each option

The ability to modify values in the URL parameters and have those changes reflected on the webpage indicates a Web Parameter Tampering vulnerability.

ACookie Tampering

Cookie tampering involves modifying data stored in HTTP cookies, not directly in URL parameters.

BSQL Injection

SQL Injection involves injecting malicious SQL queries into input fields to manipulate database queries, which is distinct from simply modifying URL parameters for displayed values.

CWeb Parameter TamperingCorrect

Web Parameter Tampering occurs when an attacker modifies parameters exchanged between a client and server (often in the URL query string, form fields, or HTTP headers) to alter application logic or data, such as changing transaction amounts. In this case, altering `Damount` and `Camount` in the URL directly affects the displayed data, indicating the application processes these modified parameters without proper validation.

DXSS Reflection

XSS Reflection involves injecting client-side scripts (like JavaScript) into a web page that is then reflected back to the user, typically leading to script execution in the user's browser, not merely changing data values by altering URL parameters.

Concept tested: Web Parameter Tampering vulnerability

Source: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_Parameter_Tampering

Topics

#Web application security#Parameter tampering#URL manipulation#Input validation

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice