Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL
to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy’s mailbox?
A.
This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access
B.
By changing the mailbox’s name in the URL, Kevin is attempting directory transversal
C.
Kevin is trying to utilize query string manipulation to gain access to her email account
D.
He is attempting a path-string attack to gain access to her mailbox
c