Tuesday 29 December 2015

Pass4sure CAS-002 Question Answer

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart. 
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT); The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?

A. Input validation
B. SQL injection
C. TOCTOU
D. Session hijacking

Answer: C

No comments:

Post a Comment

Note: only a member of this blog may post a comment.