The correct answer is B because an attack that abuses the intended workflow, rules, or assumptions of an application is classified as a logic flaw or business logic flaw. In web application hacking, business logic defines how the application should behave, such as pricing rules, transaction sequencing, authorization decisions, coupon use, fund transfer limits, or approval workflows. A business logic flaw occurs when those rules are incomplete, poorly enforced, or can be manipulated by an attacker. The CEH web application material explains that business logic flaws exist when the application’s core rules are not foolproof and can be exploited to compromise the application; these flaws often require careful review of architecture and design because automated scanners may not detect them reliably. XSS abuses improper output/input handling to run scripts in a browser. CSRF abuses a user’s authenticated session. SQLi abuses database query construction. The option that directly matches abusing business logic is Logic flaw.
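To make the point about pricing and coupon rules concrete, here is an added example (not taken from the CEH material or the original page) that puts an order-total function with no rule enforcement beside one that checks each business rule on the server. The catalogue, the coupon code, the 1 to 100 quantity range and all function names are assumptions made for the illustration.

```python
from decimal import Decimal

# Constructed catalogue and coupon table for this example.
PRICES = {"book": Decimal("20.00"), "pen": Decimal("2.50")}
COUPONS = {"WELCOME10": Decimal("10.00")}  # fixed amount off, once per order


def total_naive(items, coupons):
    """'Before' version: inputs are well-formed, but no business rule is checked."""
    total = sum(PRICES[sku] * qty for sku, qty in items)
    for code in coupons:                       # the same code may repeat
        total -= COUPONS.get(code, Decimal("0"))
    return total                               # can drop to zero or below


class RuleViolation(ValueError):
    """Raised when a request breaks a stated business rule."""


def total_enforced(items, coupons):
    """'After' version: each rule is written down and enforced server-side."""
    total = Decimal("0")
    for sku, qty in items:
        if sku not in PRICES:
            raise RuleViolation(f"unknown item {sku!r}")
        # Rule: quantity is a whole number between 1 and 100 (assumed limit).
        if type(qty) is not int or not 1 <= qty <= 100:
            raise RuleViolation(f"quantity out of range for {sku!r}")
        total += PRICES[sku] * qty
    # Rule: a coupon code applies at most once per order.
    if len(coupons) != len(set(coupons)):
        raise RuleViolation("coupon applied more than once")
    for code in coupons:
        if code not in COUPONS:
            raise RuleViolation(f"unknown coupon {code!r}")
        total -= COUPONS[code]
    # Rule: a discount never turns the order into a credit.
    return max(total, Decimal("0"))
```

Neither request that breaks the naive version contains a script, a quote character or a forged origin, which is why the explanation above notes that automated scanners may not detect this class of flaw reliably.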