After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the
following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name
which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD- YYYY, (e.g. smartphone-12-25-2013.tmp)
containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?.
A.
Input validation
B.
SQL injection
C.
TOCTOU
D.
Session hijacking