Reply to post: I hate to defend H4rm0ny, but

Server-jacking exploits for ImageMagick are so trivial, you'll scream

Brewster's Angle Grinder Silver badge

I hate to defend H4rm0ny, but

If this was an SQL injection caused by home-spun quoting, everybody would condemn the coders as idiots who should have used placeholders. But because it's happening on the command-line, everybody's defending it. (Ironically, the unix command-line has the potential to be a safe API: but not when the tokenisation is done by a shell.)
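The analogy drawn in the comment above, as an added example that is not part of the original post: the same hostile value is passed through home-spun quoting and through the parser-free path, once for a command line and once for SQL. It assumes a POSIX system with `/bin/sh` and an `echo` binary; `echo` stands in for whatever program would receive the filename, and the inputs, table and function names are constructed for illustration.

```python
import sqlite3
import subprocess

# Constructed hostile inputs; the injected parts are harmless markers.
HOSTILE_FILE = 'cat.png"; echo INJECTED #'
HOSTILE_USER = "x' OR '1'='1"


def shell_string(name):
    """Home-spun quoting: /bin/sh re-tokenises the string, so data becomes syntax."""
    out = subprocess.run('echo "' + name + '"', shell=True,
                         capture_output=True, text=True)
    return out.stdout.splitlines()


def argv_list(name):
    """No shell: execve() hands `name` to the program as exactly one argument."""
    out = subprocess.run(["echo", name], capture_output=True, text=True)
    return out.stdout.splitlines()


def _db():
    # Throwaway in-memory table with two constructed rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db


def sql_string(user):
    """SQL twin of shell_string(): the SQL parser sees caller-supplied quotes."""
    query = "SELECT name FROM users WHERE name = '" + user + "'"
    return _db().execute(query).fetchall()


def sql_placeholder(user):
    """SQL twin of argv_list(): the value is bound, never parsed as SQL."""
    return _db().execute("SELECT name FROM users WHERE name = ?", (user,)).fetchall()


if __name__ == "__main__":
    print("shell string   :", shell_string(HOSTILE_FILE))
    print("argv list      :", argv_list(HOSTILE_FILE))
    print("SQL string     :", sql_string(HOSTILE_USER))
    print("SQL placeholder:", sql_placeholder(HOSTILE_USER))
```

In both string-built variants the input changes what is executed (a second command runs, every row matches); in the argv and placeholder variants it stays a single inert value.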
