Professional Documents
Culture Documents
account!! *
name=
uid=
id=
profile=
What sensitive data of victim did gain by exploiting lab Give me my 1/1
account!! *
password of user
Both B and C
Identify the vulnerable parameter for lab Stop polluting my Params! * 1/1
uid=
name=
profile
p
id=
Which of the following sensitive data of user can be altered in lab Stop 1/1
Polluting my Params! *
username
password of user
password=
user=
username=
id=
Identify the field or the user input which lead you to account take over in 1/1
lab Someone Changed my Password ! *
New Password
Confirm Password
Password
Both A and B
Which of the following is the default request method used in lab Change 1/1
your methods! Which could be modified later? *
POST
PUT
GET
URL Tampering
Body Manipulation
Both A and C
In which of the following categories of OWASP top 10 2017 does IDOR 1/1
belongs to ? *
Insecure Deserialization
Security Misconfigurations
____ is a web application design method in which entity names are used 1/1
to identify application-controlled resources that are passed in URLs or
request parameters. *
REST API
Service-Control
Domain-Control
Domain Control
Request-Control
Access-Control
IDOR vulnerabilities occurs when ________ user input can be used to gain 1/1
_______________ to resources. *
file=
profilenm=
Both A and B
Both B and C
To start hunting for IDOR vulnerabilities which of the following is a basic 1/1
or the initial step? *
TRUE
FALSE
Document Object
Direct Object
Model Object
P3,P4
P3, P5
P2, P3
P4, P5
YES
NO
id=
username=
lang=
Both A and B
Authorized Data
Unauthorized Data
Authorization
Confidentiality
Integrity
Availability of Server
Privacy of Server
Privacy of Users
y
Which of the following user data would a attacker be able to gain if the 1/1
web application is vulnerable to IDOR? *
URL
ID
Request
Device
Both B and C
__________ backs up your online data and restores it in the event of a 1/1
cyberattack incident, including a data breach due to IDOR vulnerability. *
Monitoring
Snapping
Hijacking
Sniffing
To mitigate IDOR attacks tokens should be generated in such a way that 1/1
it can only be mapped to the user and is not public. *
TRUE
FALSE
Validation of parameters
Forms