Exam 312-50v11 topic 1 question 284 discussion

The correct answer is C. -GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com-

Answer is C. A. -GET /restricted/goldtransfer?to=Rob&from=1 or 1=1-" HTTP/1.1Host: westbank.com- B. -GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com- C. -GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com- D. -GET /restricted/ HTTP/1.1 Host: westbank.com

I think B is correct!!?? The request that best illustrates an attempt to exploit an insecure direct object reference vulnerability is option B: "GET /restricted/rn%00account%00Ned%00access HTTP/1.1 Host: westbank.com". This request contains a null byte ("%00") that separates the "rn" (resource name) from "account" and "Ned" in the URL. This could potentially fool the application into treating "Ned" as an access control parameter, allowing Rob to access Ned's account without proper authorization. This technique is also known as a null byte injection attack. Option A is an example of SQL injection, where an attacker tries to modify the query to retrieve unauthorized data. Option C is an example of parameter tampering, where an attacker tries to modify a parameter value to gain access to unauthorized data. Option D is an example of a generic request that does not appear to be targeting a specific resource or attempting to exploit a vulnerability.

Bypassing IDOR via Parameter Pollution Insecure direct object reference (IDOR) is a vulnerability that arises when developers disclose references to internal data enforcement objects such as database keys, directories, and other files, that can be exploited by an attacker to modify the references and gain unauthorized access to data. EX: api.xyz.com/profile/user_id=654&user_id=321 (P.1950/1934)

correct