Certified Ethical Hacker (CEH v10) — Question 186

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Answer options

• A. "GET/restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com"
• B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com"
• C. "GET/restricted/bank.getaccount("˜Ned') HTTP/1.1 Host: westbank.com"
• D. "GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com"

Correct answer: B

Explanation

Option B is correct because it directly attempts to access Ned's account by using his name in the request, which illustrates a direct object reference without authorization. The other options involve different actions or methods that do not directly reference Ned's account in a manner that indicates exploitation of this vulnerability.