EC-Council

412-79V10 Question #5: Real Exam Question with Answer & Explanation

The correct answer is C. HTML embedding attack. See the full explanation below for the reasoning.

Question

Thomas is an attacker who skimmed through the HTML source code of an online shopping website looking for any vulnerabilities that he could exploit to gain access to the organization's database. He came across a GET request, displayed as https://shoponline.com/typeproduct.php?ITEM=mobile&PRICE=1000, in which the application uses (ITEM, PRICE, GET, or POST) parameters to filter out information. He also found that some of the values mentioned for products are identified by the user (like quantity, color, and size) and some are not (like price). While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code. He modified the price field value of an item from 1000 to 500 in the HTML code and submitted the request successfully to the application. Identify the type of attack performed by Thomas on the online shopping website.

Options

  • A. Session poisoning attack
  • B. Header field manipulation attack
  • C. HTML embedding attack
  • D. XML external entity attack
