lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20060124121056.GA11804@localhost.localdomain>
Date: Tue Jan 24 12:10:32 2006
From: patrickhof at web.de (Patrick Hof)
Subject: Improper Character Handling In PHP Based
	Scriptslike PhpBB, IPB etc.

Edward Pearson <Ed@...tyitservices.co.uk> schrieb:
> I can't reproduce this on vBulletin, Haven't tried the others.
> Anybody know a good prog to discover what ASCII chars are?

$ python
>>> file = open('poc.txt', 'r')
>>> file.read()
'\xad\xaddesiredusername'
>>>

So it's ANSI Hex 0xAD, which is a so-called "soft hyphen". Those won't
be shown by many programs, as

http://www.cs.tut.fi/~jkorpela/shy.html

explains.

HTH, Patrick

-- 
"Take it off or else I break it off." -Leela, with Fry's arm around her
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060124/d202d41e/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ