
Nothing subtle, but he was clever in the sense that he managed to stuff a complete injection attack into his single file and included a Google-call in case his script didn't recognize the operating system.

Worth a read not because it's a genius-level hack, but because it shows the breadth-first attempt the attack takes to utilize a number of strategies. Realizing the number of attack vectors that you have to defend against is key to writing secure code.

In that sense, I wonder if there are other good examples of attack code hosted on GitHub somewhere. Seems like there's as much to learn from "black hat" code attacks as there is from doing code reviews on your own codebase.



It's cool and all, but I get the feeling that the pull requester probably didn't write the code.


Hacks like this are commonly available. Back when I was working with WordPress more, I saw them a few times. What's kind of cool when you see them is that they're often obfuscated several layers deep, so getting to the code is kind of like a puzzle.



