PrepAway - Latest Free Exam Questions & Answers


Consider the PHP program (which includes a file specified by request):
<?php
$color = 'blue';
if (isset($_GET['COLOR']))
    $color = $_GET['COLOR'];
require($color . '.php');
?>
<form method="get">
<select name="COLOR">
<option value="red">red</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>
A malicious user injects the following command:
/vulnerable.php?COLOR=C:\\notes.txt%00
where vulnerable.php is a remotely hosted file containing an exploit.
What does the malicious user want to do?


A. Perform a cross-site scripting attack.

B. Execute the malicious code that exists in the file vulnerable.php.

C. Remove the .php suffix, allowing access to files other than .php.

D. Inject a remotely hosted file containing an exploit.

Explanation:
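
A hardened form of the include above, as an added example that is not part of the original question: the request value is used only as a lookup key into a fixed allowlist, so it never becomes part of the path passed to `require`. `ALLOWED_COLORS`, `DEFAULT_COLOR` and `resolve_color_template()` are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example (not from the original page): hardened include selection.
// ALLOWED_COLORS, DEFAULT_COLOR and resolve_color_template() are hypothetical names.

const ALLOWED_COLORS = ['red' => 'red.php', 'blue' => 'blue.php'];
const DEFAULT_COLOR  = 'blue';

/**
 * Map the request's COLOR value to a fixed template file name.
 * User input is only a lookup key; it is never concatenated into a path.
 */
function resolve_color_template(array $query): string
{
    $color = $query['COLOR'] ?? DEFAULT_COLOR;

    // COLOR[]=x arrives as an array; anything that is not a string is rejected.
    // The lookup is an exact match, so values carrying path separators,
    // drive letters, URL schemes or NUL bytes can never equal an allowed key.
    if (!is_string($color) || !array_key_exists($color, ALLOWED_COLORS)) {
        return ALLOWED_COLORS[DEFAULT_COLOR];
    }
    return ALLOWED_COLORS[$color];
}

// Constructed sample requests, including the value shown in the question.
$samples = [
    ['COLOR' => 'red'],
    [],
    ['COLOR' => "C:\\notes.txt\0"],
    ['COLOR' => ['red']],
    ['COLOR' => 'http://example.invalid/x'],
];
foreach ($samples as $query) {
    printf("%-40s -> %s\n", json_encode($query), resolve_color_template($query));
}

// In the page's script the include would then become:
// require __DIR__ . '/' . resolve_color_template($_GET);
```

Only the first sample resolves to `red.php`; every other request, including the one from the question, falls back to `blue.php`.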
