Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 312-96 Exam - Topic 1 Question 3 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 3
Topic #: 1
[All 312-96 Questions]

A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to

Show Suggested Answer Hide Answer
Suggested Answer: C

by Jacqueline at Jul 25, 2023, 04:15 AM

Limited Time Offer

25%

Off

Get Premium 312-96 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Bambi
5 months ago
Just wow, I can't believe they missed that in testing!
upvoted 0 times
...
Richelle
5 months ago
I thought brute force was the main concern here, but this makes sense.
upvoted 0 times
...
Victor
5 months ago
Wait, are we sure it's not a CSRF? Seems a bit off.
upvoted 0 times
...
Brandon
5 months ago
Totally agree, that URL manipulation is classic SQLi.
upvoted 0 times
...
Vinnie
6 months ago
That's definitely an SQL Injection vulnerability.
upvoted 0 times
...
Aja
6 months ago
I thought brute force attacks were more about guessing passwords, so I'm leaning towards SQL Injection for this one.
upvoted 0 times
...
Patria
6 months ago
This reminds me of a practice question we did on SQL Injection. The way the query is altered looks like a classic case of that vulnerability.
upvoted 0 times
...
Ludivina
6 months ago
I'm not entirely sure, but I think this could also relate to session hijacking? I need to double-check my notes on that.
upvoted 0 times
...
Gerald
6 months ago
I remember studying SQL Injection attacks, and this URL manipulation seems to fit that description.
upvoted 0 times
...
Rima
6 months ago
I feel pretty confident about this. Applying the Standardized Service Contract, Redundant Implementation, and Service Data Replication patterns seems like a solid approach to address the performance and scalability concerns while also accommodating the new service capability.
upvoted 0 times
...
Lashandra
6 months ago
Hmm, I'm a bit unsure about this one. The options seem similar, and I want to make sure I understand the difference between solution scope, design, requirements, and the business case. Let me think this through step-by-step.
upvoted 0 times
...

Save Cancel