/ 
WebDyne-1.218
/ wddump
Security Advisories (1)
CVE-2026-5084 (2026-05-11)

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function. The rand function is passed a maximum value based on the process id, the epoch time and the reference address of the object, but this information will have no effect on the overall quality of the seed of the message digest. The rand function is seeded by 32-bits and is predictable. It is considered unsuitable for cryptographic purposes. Predictable session ids could allow an attacker to gain access to systems. Note that WebDyne::Session versions 1.042 and earlier appear to be in separate distributions from WebDyne.

Name

wddump - dump the data structure of a WebDyne page in the cache directory

Synopsis

wddump [OPTIONS] FILE

Options

-h, --help Show brief help message.

Description

The wddump command displays internal the data structure of a compiled WebDyne psp file from the WebDyne cache directory. wddump is of limited diagnostic use - the wdcompile tool is more suitable for troubleshooting HTML tree errors.

wddump can be useful to see a picture of the final data structure looks like on complex pages built via many filters, combining static and dynamic blocks etc.

Examples

wdrender /var/webdyne/cache/26f2c4edc8bfd52fbde915290db96779

Display the data structure from a compiled, cached webdyne file.

Author

Written by Andrew Speer, andrew@webdyne.org

Copying

Copyright (C) 2008-2010 Andrew Speer. Free use of this software is granted under the terms of the GNU General Public License (GPL)