Date: Sat, 11 Nov 2006 20:05:34 +0200
From: upb <upbupb@...il.com>
To: "Stefan Lochbihler" <steve01@...llo.at>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: PHP Array and Null Bytes

read the php source, 'array's are implemented in Zend/zend_hash.c :)

On 11/10/06, Stefan Lochbihler <steve01@...llo.at> wrote:
>
> Hi guys,
>
> some questions to NULL Bytes within PHP Arrays.
>
> Let us assume there exist a php script with the following code.
>
> $erg=$_GET['show']
>
> if(!isset($arr[$erg]) $erg="something";
>
> $arr is a predefined variable but with "register globals on" it would be
> possible to set your own Array Key. This means when you set
>
> $erg=test
> $arr[test]
>
> you could deliver almost every chars you want. My problem is that
> i want to deliver a content like that.
>
> $erg=index.html%00
> $arr[index.html%00]
>
> The problem is that the Null Byte within the array destroy the array.
> My question is if there exist a way to avoid the Null Byte within
> the array. For example (im not really familiar with charsets)
> to create the Null Byte with the help of f.e. UTF-7 encoded
> chars.
>
> If someone has an idea please let me know.
>
> Best regards
>
> Steve
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists