| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Jan 24 13:24:43 2006 From: ad at heapoverflow.com (ad@...poverflow.com) Subject: Improper Character Handling In PHP Based Scripts like PhpBB, IPB etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 this range of chars \xA? is known to bug in various applications, this would have been better h4cky0u to stfu :> h4cky0u wrote: > Well this was after i found somebody posing as me on my site --> > http://www.h4cky0u.org which was actually quite interesting and > dangerous (looking from the social engineering point of view). > > Download the following file - > > http://www.h4cky0u.org/poc.txt > > Make sure you download it and not view it from the browser. Once > you download that file open it in your text editor. You should see > something like- > > --desiredusername > Copy that whole string and try and post it on any PHP Based blog, > forum etc or register a username with that string. Now what do you > see? The -- part from --desiredusername is gone! But apparently its > still there. It still hides within that string(Try and reverse the > process you just did). Ok so the bug has been confirmed. Now come > the questions - > > 1) Is this really a bug in PHP (tested with PHP 4.3.11 and later > versions might as well be affected)? Or am i overlooking something? > > 2) What is the ASCII code of that -- part in the file if it isn't > just 2 simple hyphens? (Tried all the possible methods but couldnt > come up with anything positive.) > > 3) What are the possible ways to avoid something like this? > > -- > http://www.h4cky0u.org > (In)Security at its best... > > ---------------------------------------------------------------------- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ9YqZq+LRXunxpxfAQLKKA//fRL7O6scQ4a1IhKSPczI1j7CQzWt7w7G UC8nqY63Ep7L6WZBpFCgEzv4cpKb90TkesAxzD5qvXczJOjhVG9sPcwbGER6qOKf d1jJaajqLbBecpQqvuxZBluCDdWAH9IkULYfPXko5VshamESIPxZAVGYzlq6DpYe KnLx6pYLz9hQApJ3GTvnuatMPiqnIiXYEDdORxcFAifx0Kyfa54QxgXV8ibvbEQ+ zx+8FtFALEHaV/9S1f4SPQvxIO4r2lqMEugOxhYCPsnWUqIbm6ZOWcUW5AIVpT5L wt2pTIia8G4d4ylyOChUmv1cymCBjV7LFkzdJLYiaxZGZFOAvd1iLSgGqxBL86Go uuCd91aAKrZJizCIPBuuVyhRgbwA7e1iH9rZkJTUtQejngDccad3cMSWX/51zf8Y u2QDsqiQXWE/YCoREnBtEcrE64tvAFbnJ1olfJ4yr9RGiVbE84HTddRVp1dQ5Ktx JMpUhoYvaw3hib/wLixkkDrGPAVb4O/he9jrfdanb9/EVx93Qc2Phv59LvAAfr/m DAmMaBBRrVHDrqpjpMoOeFHF0b6/9ajHQ/bLVYqncUJkR+cAZ9qxfO82TYldcZyr VY9uAMIRSbXMyMA1gWp8o85gRZsbX5D13SbqL4o+Klmp4M8Y4vKTjCQPX1VpXmxR 1c20JSi80wc= =ZN6t -----END PGP SIGNATURE-----
Powered by blists - more mailing lists