Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, whohas an online email account that he uses for most of his mail, knows that Katyhas an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any information.
What is Kevin attempting here to gain access to Katy’s mailbox?
A.
Kevin is trying to utilize query string manipulation to gain access to her email account.
B.
This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access.
C.
By changing the mailbox’s name in the URL, Kevin is attempting directory transversal.
D.
He is attempting a path-string attack to gain access to her mailbox.
I have the same idea.