An attacker has been successfully modifying the purchase price of items purchased on the
company’s web site. The security administrators verify the web server and Oracle database have
not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs
and found no attacks that could have caused this. What is the mostly likely way the attacker has
been able to modify the purchase price?

A.
By using SQL injection

B.
By changing hidden form values

C.
By using cross site scripting

D.
By utilizing a buffer overflow attack