A trojan horse

When perl sees a string such as “$junk”, it does variable interpolation. If you replace junk with a blog of code that returns reference to a scalar;

print “${system(‘dir’)}”;

and perl treats this statement as trusted function, be careful when using strings.


Leave a Reply

Your email address will not be published. Required fields are marked *