CompTIA

PT0-002 · Question #169

PT0-002 Question #169: Real Exam Question with Answer & Explanation

The correct answer is C: Direct object reference. Insecure direct object reference (IDOR) is a vulnerability where the developer of the application does not implement authorization features to verify that someone accessing data on the site is allowed to access that data.

Attacks and Exploits

Question

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

Options

  • A. Command injection
  • B. Broken authentication
  • C. Direct object reference
  • D. Cross-site scripting

Explanation

Insecure direct object reference (IDOR) is a vulnerability where the developer of the application does not implement authorization features to verify that someone accessing data on the site is allowed to access that data.

Topics

#Direct Object Reference #Broken Access Control #Web application security #Penetration testing
