Hacker News
by const_cast 391 days ago
It's been such a long-standing tradition in software exploits that it's kind of fun and facepalmy when it crops up again in some new technology. The pattern of "take user text input, have it be tainted to be interpreted as instructions of some kind, and then execute those in a context not prepared for it" just keeps happening.

SQL injection, cross-site scripting, PHP include injection (my favorite), a bunch of others I'm missing, and now this.