lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Jan 24 11:33:57 2006
From: discojonny at gmail.com (Disco Jonny)
Subject: Improper Character Handling In PHP
	BasedScriptslike PhpBB, IPB etc.

Hi,

I dont get a crash, Win2k Mozilla/5.0 (Windows; U; Windows NT 5.0;
en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

However,

If i paste into the google toolbar that comes with firefox then both
the -- are removed.  when I paste a second time it happens the same

as in
--test then paste again --test
displays
testtest

If i then highlight this and delete it i am still left with the word
test.  It would seem that the - symbols get reinterpreted into acsii
(cause there is 4 of them the word test reappears)

If i do exactly the same with the seach box on www.google.co.uk then i
get 1 minus sign in the box and when i highlight and delete all i get
'st' ( leading me to believe its the - symbols)

dont know if this helps

Cheers.

dj

On 24/01/06, Edward Pearson <Ed@...tyitservices.co.uk> wrote:
>
> Ok,
> I can reproduce it, try pasting the two chars in question into ANY textbox
> in FF 1.5 twice, Please inform me if you get a crash.
>
>   *Edward Pearson - IT Engineer*
> t:  0870 851 8188
> f:  0870 851 8198
> m: 07729 155751
> w: www.unityitservices.co.uk  9 Fishers Estate | Wiggenhall Road | Watford
> | Hertfordshire | WD18 0FN
>
>
>
>
>
>
>
> Support Contracts Software Solutions Broadband Disaster Recovery
> Hardware Sales Hosting Services Database Development Network Installations
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060124/d60b22a7/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: itlogo.png
Type: image/png
Size: 12121 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060124/d60b22a7/itlogo-0001.png

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ