After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the
price of listed items, a programmer analyzes the following piece of code used by a web-based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created in the web
server's /tmp directory. The temporary file's name is generated by concatenating the content of the
$USERINPUT variable and a timestamp in the form MM-DD-YYYY (e.g., smartphone-12-25-2013.tmp), and the file
contains the price of the item being purchased. Which of the following is MOST likely being exploited to
manipulate the price of a shopping cart’s items?
A. Input validation
B. SQL injection
C. TOCTOU
D. Session hijacking