Certified Ethical Hacker (CEH v11) — Question 53
While using your bank's online servicing, you notice the following string in the URL bar:
`http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21`
You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes.
Which type of vulnerability is present on this site?
Answer options
- A. Cookie Tampering
- B. SQL Injection
- C. Web Parameter Tampering
- D. XSS Reflection
Correct answer: C
Explanation
The correct answer is Web Parameter Tampering: altering the Damount and Camount parameters in the URL directly changes the server's response, which indicates that the server accepts client-supplied values without validating them. Cookie Tampering does not apply because the modified values are in the URL query string, not in a cookie. SQL Injection and XSS Reflection do not apply because the scenario shows no injected SQL or script, only changed parameter values being reflected in the page.