Which of the following is MOST likely being exploited t…

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the
price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web
server /tmp directory. The temporary file has a name which is generated by concatenating the content of the
$USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp)
containing the price of the item being purchased. Which of the following is MOST likely being exploited to
manipulate the price of a shopping cart’s items?

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the
price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web
server /tmp directory. The temporary file has a name which is generated by concatenating the content of the
$USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp)
containing the price of the item being purchased. Which of the following is MOST likely being exploited to
manipulate the price of a shopping cart’s items?

A.
Input validation

B.
SQL injection

C.
TOCTOU

D.
Session hijacking



Leave a Reply 0

Your email address will not be published. Required fields are marked *