Open Source and information security mailing list archives
 
Date: Tue Jan 24 11:56:32 2006
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Improper Character Handling In PHP Based
	Scripts like PhpBB, IPB etc.

Dear h4cky0u,

This character has a code of 173 (0xAD). What you see or what you do
not see depends only on your current codepage. Probably, this character
will be filtered out by the Windows API, maybe as non-printable or
during conversion from Windows-xxxx to Unicode. PHP has no relation to
this.

-- 
~/ZARAZA
http://www.security.nnov.ru/


--Tuesday, January 24, 2006, 1:43:09 PM, you wrote to full-disclosure@...ts.grok.org.uk:

h> Well this was after I found somebody posing as me on my site -->
h> http://www.h4cky0u.org which was actually quite interesting and
h> dangerous (looking from the social engineering point of view).
h>
h> Download the following file -
h>
h> http://www.h4cky0u.org/poc.txt
h>
h> Make sure you download it and not view it from the browser. Once
h> you download that file open it in your text editor. You should see
h> something like-
h>
h> --desiredusername

h> Copy that whole string and try and post it on any PHP Based blog,
h> forum etc or register a username with that string. Now what do you
h> see? The -- part from --desiredusername is gone! But apparently it's
h> still there. It still hides within that string (Try and reverse the
h> process you just did). Ok so the bug has been confirmed. Now come the
h> questions -
h>
h> 1) Is this really a bug in PHP (tested with PHP 4.3.11 and later
h> versions might as well be affected)? Or am I overlooking something?
h>
h> 2) What is the ASCII code of that -- part in the file if it isn't
h> just 2 simple hyphens? (Tried all the possible methods but couldn't
h> come up with anything positive.)
h>
h> 3) What are the possible ways to avoid something like this?
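
For question 3 in the quoted message, one way a registration form can refuse such names, as an added example that is not part of the original thread: it decodes the submitted bytes, flags invisible code points such as 0xAD (U+00AD SOFT HYPHEN in Windows-1252), and compares names by what they display as. The function names, the cp1252 assumption and the sample bytes are constructed for illustration.

```python
import unicodedata

# Unicode general categories that render as nothing (or nearly nothing):
# Cf = format (includes U+00AD SOFT HYPHEN), Cc = control, Zl/Zp = separators,
# Cs/Co/Cn = surrogate, private use, unassigned.
INVISIBLE_CATEGORIES = {"Cf", "Cc", "Zl", "Zp", "Cs", "Co", "Cn"}


def invisible_chars(name: str) -> list[tuple[int, str]]:
    """Return (index, 'U+XXXX') for every character a reader cannot see."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Zs covers NO-BREAK SPACE and similar; plain ASCII space is allowed.
        if cat in INVISIBLE_CATEGORIES or (cat == "Zs" and ch != " "):
            hits.append((i, f"U+{ord(ch):04X}"))
    return hits


def display_key(name: str) -> str:
    """Key for uniqueness checks: what a name looks like once rendered."""
    folded = unicodedata.normalize("NFKC", name)
    visible = "".join(c for c in folded if not invisible_chars(c))
    return visible.casefold().strip()


def check_registration(raw: bytes, encoding: str, taken: set[str]) -> str:
    """Decode a submitted username and decide whether to accept it."""
    try:
        name = raw.decode(encoding)
    except UnicodeDecodeError:
        return "reject: not valid " + encoding
    hits = invisible_chars(name)
    if hits:
        return "reject: invisible character " + ", ".join(cp for _, cp in hits)
    if display_key(name) in {display_key(t) for t in taken}:
        return "reject: looks identical to an existing account"
    return "accept"


if __name__ == "__main__":
    # Constructed sample: two 0xAD bytes followed by the visible name.
    submitted = b"\xad\xaddesiredusername"
    print(check_registration(submitted, "cp1252", {"desiredusername"}))
```

Applying `display_key` to accounts that already exist also surfaces names registered before such a check was in place.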




