Certified SOC Analyst (CSA) — Question 28
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
Answer options
- A. Denial-of-Service Attack
- B. SQL Injection Attack
- C. Parameter Tampering Attack
- D. Session Fixation Attack
Correct answer: C
Explanation
The correct answer is C, Parameter Tampering Attack: the attacker changes the debit parameter in the URL from 100 to 10 to manipulate the price of the product. The other options do not apply here: A refers to overwhelming a service, B involves injecting SQL code, and D pertains to exploiting session management issues.