When this URL will be proceed a transaction of 10000 it will be deducted from accountC rather than accountA. This is how you manipulate the parameters in HTTP Parameter Pollution attack. Although the scope of this vulnerability is not limited only to GET request you can also perform this attack on a POST based request. You can try this vulnerability on many places like password change, 2FA, comments, profile photo upload, on a parameter where API key is passed, OTP etc.