Most companies that do business via the Web offer a shopping cart so you can specify all the
items you want before placing the order. Poor shopping cart design, however, can allow a different
kind of hack. Take a look at the HTML code sample presented here and determine the line that
presents the vulnerability:
<FORM ACTION=”http://10.0.10.236/cgi-bin/orders.pl” method=”post”>
<input type=hidden name=”price” value=”39.95″>
<input type=hidden name=”item_no” value=”WIDGET9″>
QUANTITY: <input type=text name=”quantity” size=2 maxlength=2 value=1>
</FORM>
A.
The line specifying the Perl script orders.pl
B.
The line specifying input type for price
C.
The line specifying input type for item number
D.
The line specifying input type for quantity
E.
The line specifying input type for item number and quantity