Jul 21, 2017 · 1 min read
Not quite. The data itself didn’t execute any logic. The program merely checked if the data had a length of greater than zero, and if so, then delegated the call. So in other words, as long as the data field wasn’t empty (didn’t matter what data it contained), the attack could be executed.
