Can anyone help me understand this practice question:
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart. The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?

A. Input validation
B. SQL injection
C. TOCTOU
D. Session hijacking
The provided answer is TOCTOU, but I don't understand why. My current understanding of Time of Check/Time of Use has to do with making a change to a security variable (like disabling an account) and that change not taking effect until the next time the account checks in with the domain, for example a user being able to continue to use their account until they log out and attempt to log back in. I would have picked SQL Injection.
Thanks for any help.
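The temporary-file pattern the question describes, as an added example that is not part of the original post: the price is written when the item is added (the check) and read back by file name at checkout (the use), so anything that changes the file in between is trusted. The function names, the demo key, the HMAC-based check and the sample prices are assumptions made for illustration; the practice question's own code is not shown on the page.

```python
import hashlib, hmac, os, tempfile, time

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the application

def cart_path(user_input, tmpdir):
    # Naming scheme from the question: $USERINPUT + MM-DD-YYYY + .tmp
    return os.path.join(tmpdir, f"{user_input}-{time.strftime('%m-%d-%Y')}.tmp")

def weak_add(item, price, tmpdir):
    path = cart_path(item, tmpdir)
    with open(path, "w") as f:          # time of check: price written when item is added
        f.write(price)
    return path

def weak_checkout(path):
    with open(path) as f:               # time of use: file reopened by name, trusted as-is
        return f.read()

def _tag(item, price):
    return hmac.new(SERVER_KEY, f"{item}|{price}".encode(), hashlib.sha256).hexdigest()

def hardened_add(item, price, tmpdir):
    # mkstemp gives an unpredictable name, exclusive creation and mode 0600
    fd, path = tempfile.mkstemp(suffix=".tmp", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(f"{price}\n{_tag(item, price)}")
    return path

def hardened_checkout(item, path):
    with open(path) as f:
        price, _, tag = f.read().partition("\n")
    if not hmac.compare_digest(tag, _tag(item, price)):
        raise ValueError("cart file changed between add and checkout")
    return price

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        weak = weak_add("smartphone", "499.00", tmp)
        hard = hardened_add("smartphone", "499.00", tmp)
        for p in (weak, hard):          # constructed stand-in for a change made in the window
            with open(p, "w") as f:
                f.write("1.00")
        weak_result = weak_checkout(weak)
        try:
            hard_result = hardened_checkout("smartphone", hard)
        except ValueError as e:
            hard_result = f"rejected: {e}"
        return weak_result, hard_result
```

Calling `demo()` returns the price each checkout path ends up with after the file is altered in the window. Keeping the price out of the file entirely and looking it up from the catalogue at checkout removes the window altogether.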