by peterwwillis 3378 days ago
It shows the use of ImageMagick, a legendarily buggy and insecure application and library. It shows the use of system crypt() for password hashes, which isn't really very secure since (afaik) it doesn't support pbkdf2 on most systems or bcrypt (not the blowfish one) or scrypt. It shows hardcoding database credentials in a flat file. And it shows it uses PHP, which has its own security problems as well as being well known as a language used by people not aware of secure coding practices.