Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.

Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
A . “GET/restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”
B . “GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”
C . “GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”
D . “GET/restricted/r
%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

Answer: B

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments