New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 312-39 Exam - Topic 9 Question 57 Discussion

Actual exam question for Eccouncil's 312-39 exam
Question #: 57
Topic #: 9
[All 312-39 Questions]

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.

Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10

Identify the attack depicted in the above scenario.

Show Suggested Answer Hide Answer
Suggested Answer: C


by Ernie at Sep 18, 2022, 09:47 AM

Limited Time Offer

25%

Off

Get Premium 312-39 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Truman
4 months ago
I can't believe it was that easy to exploit!
upvoted 0 times
...
Selma
4 months ago
Nope, it's clearly parameter tampering. No doubt about it.
upvoted 0 times
...
Darnell
4 months ago
Wait, are you sure? Could it be SQL injection?
upvoted 0 times
...
Laticia
4 months ago
I agree, modifying the URL is a classic move.
upvoted 0 times
...
Phuong
4 months ago
That's definitely parameter tampering!
upvoted 0 times
...
Genevieve
5 months ago
I could be wrong, but I thought session fixation attacks were more about hijacking sessions rather than altering prices in URLs.
upvoted 0 times
...
Jacquelyne
5 months ago
This reminds me of a practice question we did on URL manipulation. I feel like parameter tampering fits the scenario best.
upvoted 0 times
...
Gail
5 months ago
I'm not entirely sure, but I remember something about SQL injection being related to database queries, so that doesn't seem right here.
upvoted 0 times
...
Alesia
5 months ago
I think this might be a parameter tampering attack since the attacker modified the URL to change the price.
upvoted 0 times
...
Aleta
5 months ago
Okay, I've got this. In a defined contribution plan, the employer contributes a set amount, but the employee's benefit depends on the performance of their investments. So the employees are the ones who assume the investment risk, not the employer. I'm confident A is the right answer.
upvoted 0 times
...
Kanisha
5 months ago
Okay, I've got a strategy here. I need to focus on the key control points in the purchasing process and determine which one would be the most effective in preventing fraud. I think I'll go with option A.
upvoted 0 times
...

Save Cancel