CodeSOD: The Evil CMS
Content Management Systems always end up suffering, at least a little, from the Inner Platform Effect. There’s the additional problem that, unlike, say, a big ol’ enterprise HR system or similar, CMSes are useful for just about everyone. It’s a quick and easy way to put together a site which anyone can maintain. But it never has enough features for your content. So you always install plugins: plugins of wildly varying quality and compatibility.
Lucio Crusca was doing a security audit of a Joomla site, and found this block inside an installed plugin:
".$MyForm->formrow->scriptcode);
echo "//]]>\n";
echo "\n";
}
?>
Let’s just focus on the echos to start. We’re directly outputting a