/ 
WebDyne-1.250
/ wddump
Security Advisories (1)
CVE-2026-5084 (2026-05-11)

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function. The rand function is passed a maximum value based on the process id, the epoch time and the reference address of the object, but this information will have no effect on the overall quality of the seed of the message digest. The rand function is seeded by 32-bits and is predictable. It is considered unsuitable for cryptographic purposes. Predictable session ids could allow an attacker to gain access to systems. Note that WebDyne::Session versions 1.042 and earlier appear to be in separate distributions from WebDyne.

Name

wddump - dump the data structure of a WebDyne page in the cache directory

Synopsis

wddump [OPTIONS] FILE

Options

-h, --help Show brief help message.

Description

The wddump command displays internal the data structure of a compiled WebDyne psp file from the WebDyne cache directory. wddump is of limited diagnostic use - the wdcompile tool is more suitable for troubleshooting HTML tree errors.

wddump can be useful to see a picture of the final data structure looks like on complex pages built via many filters, combining static and dynamic blocks etc.

Examples

wdrender /var/webdyne/cache/26f2c4edc8bfd52fbde915290db96779

Display the data structure from a compiled, cached webdyne file.

Author

Written by Andrew Speer, andrew@webdyne.org

LICENSE and COPYRIGHT

This file is part of WebDyne.

This software is Copyright (c) 2017 by Andrew Speer <andrew@webdyne.org>.

This is free software, licensed under:

The GNU General Public License, Version 2, June 1991

Full license text is available at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt