[VIM] Term: "Eval injection"

Steven M. Christey coley at mitre.org
Tue Jan 17 13:54:35 EST 2006


FYI I've been using the term "eval injection" to describe issues where
user input is fed into an interpreted language's eval() call.  PHP
applications are mostly hit with this, but there have been some in
Perl and Python.

I suspect we will see some major increases in eval injection this
year, since it's "grep-and-gripe" easy to find and it gets code
execution.

FYI I think Stefan Esser invented the term, or at least he was the
first one I saw using it, sometime last year.

- Steve
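
An added example, not part of the original message: a Python check that finds the pattern described above, eval()/exec() calls whose argument is not a fixed literal, together with a hardened replacement for the common case where only a literal value is expected. The sample source and the names `find_dynamic_eval` and `parse_value` are constructed for this illustration.

```python
import ast

# Constructed sample: handlers that evaluate request parameters (the pattern
# the post calls eval injection) next to a call on a fixed literal.
SAMPLE = '''
def calc(params):
    expr = params["expr"]          # user-controlled
    return eval(expr)

def banner():
    return eval("1 + 1")           # constant argument, not injectable

def run(params):
    exec("x = " + params["v"])
'''

RISKY_CALLS = {"eval", "exec"}

def find_dynamic_eval(source):
    """Return sorted (line, call name) pairs for eval/exec calls whose
    first argument is anything other than a constant literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if not (isinstance(node.func, ast.Name) and node.func.id in RISKY_CALLS):
            continue
        if not node.args or isinstance(node.args[0], ast.Constant):
            continue  # no argument, or a fixed string: nothing to inject into
        findings.append((node.lineno, node.func.id))
    return sorted(findings)

def parse_value(text):
    """Hardened replacement for eval() when only a literal is expected.
    ast.literal_eval accepts literals and containers, never calls or names."""
    try:
        return ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError):
        return None  # reject anything that is not a plain literal

if __name__ == "__main__":
    for line, name in find_dynamic_eval(SAMPLE):
        print(f"line {line}: {name}() called with a non-literal argument")
```

Unlike a plain grep for `eval(`, the AST walk skips calls on constant strings, so the findings are the call sites worth reviewing for user-controlled input.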

