In the process of hacking a web application, attackers manipulate the HTTP requests to
subvert the application authorization schemes by modifying input fields that relate to the user
ID, username, access group, cost, file names, file identifiers, etc. They first access the web
application using a low privileged account and then escalate privileges to access protected
resources. What attack has been carried out?

A.
XPath Injection Attack

B.
Authorization Attack

C.
Authentication Attack

D.
Frame Injection Attack

Explanation:

Reference:
http://luizfirmino.blogspot.com/2011_09_01_archive.html(see authorization attack)