The correct answer is C, Parameter tampering. In web application hacking, hidden fields are HTML form fields used to pass values back to the server, but they are only hidden from normal browser display, not from the user or attacker. CEH web application material explains that hidden fields are embedded in HTML forms to maintain values sent back to the server, and attacks challenge the assumption that hidden fields cannot be viewed or modified by examining the HTML source and changing the request before it reaches the server. This directly matches parameter tampering because the attacker modifies client-side parameters such as form fields, cookies, query strings, or URL parameters to alter application behavior. CEH material also describes parameter/form tampering as manipulating parameters during client-server communication, including URL values and web page form fields. SQL injection targets database queries, XSS injects script into pages, and CSRF tricks authenticated users into submitting unwanted requests. Hidden-field manipulation is therefore a form of parameter tampering.