An attacker has been successfully modifying the purchase price of items purchased on the company’s web site.
The security administrators verify the web server and Oracle database have not been compromised directly.
They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused
this. What is the mostly likely way the attacker has been able to modify the purchase price?

A.
By using SQL injection

B.
By changing hidden form values

C.
By using cross site scripting

D.
By utilizing a buffer overflow attack