Message-ID: <59440.217.201.68.230.1143961226.squirrel@webmail.zone-h.fr>
Date: Sun Apr  2 08:00:26 2006
From: admin at zone-h.fr (Siegfried)
Subject: Re: Re: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature

This is actually what I wanted to say, "that" stripslashes if you prefer,
I'm not sure if he wanted to use it to validate the input, or that would
be really dumb, but anyway it's really not important at all....

I leave you to the n3td3v trolls now, have fun, but keep an eye on all
advisories :)

Siegfried

On Sun, April 2, 2006 08:47, Jasper Bryant-Greene wrote:
> Siegfried wrote:
>> Yes like you said there is no check, because the stripslashes is a joke.
>> And yes this script isn't famous at all, but it was just to show a recent
>> example of an error in the advisory, even if this one is just a detail
>
> Stripslashes is not a joke, it's just not designed for what it's being
> used for. The developer that tries to use it for input
> validation/checking, now *there's* the joke!
>
> --
> Jasper Bryant-Greene
> General Manager
> Album Limited
>
> http://www.album.co.nz/     0800 4 ALBUM
> jasper@...um.co.nz          021 708 334
>


-- 
Zone-H Admin
admin@...e-h.fr
www.zone-h.org
www.zone-h.fr
