Insecure direct object reference is a type of vulnerability where the application does not verify if the user

adminJanuary 29, 2019

Insecure direct object

reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.

Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the follo

wing requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A. -GET/restricted/goldtransfer?to=Rob&from=1 or 1=1- HTTP/1.1Host: westbank.com-

B. -GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com-

-GET/restricted/bank.getaccount(-Ned-) HTTP/1.1 Host: westbank.com-

D. -GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com-

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ECCouncil Exam Questions

Free EC-Council Study Guide

Insecure direct object reference is a type of vulnerability where the application does not verify if the user

Leave a Reply Cancel reply