A penetration tester suspects that the web application's "Order History" page is vulnerable to SQL injection because it displays user orders based on an unprotected user ID parameter in the URL. What is the most appropriate approach to test this?
A. Inject JavaScript into the URL parameter to test for Cross-Site Scripting (XSS)
B. Modify the URL parameter to userID=1 OR 1=1 and observe if all orders are displayed
C. Perform a directory traversal attack to access sensitive system files
D. Use a brute-force attack on the login form to identify valid user credentials
CEH v13 identifies URL parameters used in dynamic SQL queries as common injection points. When user-controlled values are passed directly into database queries without validation, attackers can manipulate query logic. Injecting a test payload such as 1 OR 1=1 into the userID parameter is a standard method to determine whether the application concatenates input into SQL statements. If the page displays all user orders instead of only the authenticated user's orders, this confirms SQL injection. CEH teaches that conditional tautologies are one of the safest and most reliable ways to probe SQL vulnerabilities, especially in GET parameters. JavaScript injection (Option A) tests XSS, not SQLi. Directory traversal (Option C) targets filesystem issues, not database logic. Brute-forcing user credentials (Option D) does not test query sanitization. Therefore, modifying the userID parameter with a SQL injection payload is the correct CEH-aligned method.
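The explanation above hinges on one detail: whether the application concatenates the userID parameter into the SQL string or binds it as a query parameter. The following Python/sqlite3 snippet is an added example (not code from the original page or from CEH material) that builds a small constructed orders table and runs the same URL parameter through both a concatenating handler, which mirrors the flaw the question describes, and a hardened handler that validates the value as an integer and binds it with a placeholder. The table contents, function names and the `probe` helper are all assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data (not from the original page): three users, four orders.
SAMPLE_ORDERS = [
    (101, 1, "keyboard"),
    (102, 1, "mouse"),
    (103, 2, "monitor"),
    (104, 3, "laptop"),
]


def build_db():
    """Create an in-memory database holding the constructed orders table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (order_id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ORDERS)
    conn.commit()
    return conn


def order_history_vulnerable(conn, user_id_param):
    """Flawed handler: the raw URL parameter is concatenated into the SQL text,
    so anything in it becomes part of the query logic (the condition the question describes)."""
    sql = "SELECT order_id, item FROM orders WHERE user_id = " + user_id_param
    return conn.execute(sql).fetchall()


def order_history_safe(conn, user_id_param):
    """Hardened handler: validate the parameter as an integer and bind it as a
    placeholder. Returns None when the input is rejected (a real handler would
    answer HTTP 400 and log the event)."""
    try:
        user_id = int(user_id_param)
    except ValueError:
        return None
    return conn.execute(
        "SELECT order_id, item FROM orders WHERE user_id = ?", (user_id,)
    ).fetchall()


def probe(param):
    """Run one URL parameter value through both handlers.

    Returns (rows_from_vulnerable_handler, rows_from_safe_handler); the second
    value is None when the hardened handler rejected the input.
    """
    conn = build_db()
    try:
        vulnerable_rows = len(order_history_vulnerable(conn, param))
        safe_result = order_history_safe(conn, param)
        safe_rows = None if safe_result is None else len(safe_result)
        return vulnerable_rows, safe_rows
    finally:
        conn.close()


if __name__ == "__main__":
    # A legitimate lookup returns the two orders belonging to user 1 in both handlers.
    print("userID=1        ->", probe("1"))
    # The tautology from option B returns every order from the concatenating
    # handler, while the hardened handler rejects it outright.
    print("userID=1 OR 1=1 ->", probe("1 OR 1=1"))
```

The observable difference is exactly the signal the explanation describes: with concatenation, the tautology widens the WHERE clause so the page lists all four orders instead of user 1's two, whereas the parameterized version never lets the database interpret the value as SQL. On the defensive side, an integer-typed parameter that fails `int()` is also a cheap thing to log, since a legitimate client never sends one.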