Certified Ethical Hacker (CEH v11) — Question 256

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Answer options

• A. ג€GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.comג€
• B. ג€GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.comג€
• C. ג€GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.comג€
• D. ג€GET /restricted/ HTTP/1.1 Host: westbank.com

Correct answer: C

Explanation

The correct choice is C because it directly targets the account of Ned by including his name in the request. Options A and B do not specifically reference Ned's account in a straightforward manner, while D lacks any parameters that indicate an attempt to access a specific user's account.