CompTIA PenTest+ (PT0-002) — Question 426

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

Answer options

Correct answer: C

Explanation

The correct answer is C, Direct object reference, because the tester manipulated the URL to access a different resource by changing the ID value. The other options do not apply here: command injection involves executing arbitrary commands, broken authentication pertains to flaws in user login processes, and cross-site scripting involves injecting malicious scripts into web pages.