lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 10 Nov 2006 13:27:51 +0100
From: Stefan Lochbihler <steve01@...llo.at>
To: full-disclosure@...ts.grok.org.uk
Subject: PHP Array and Null Bytes

Hi guys,

some questions to NULL Bytes within PHP Arrays.

Let us assume there exist a php script with the following code.

$erg=$_GET['show']

if(!isset($arr[$erg]) $erg="something";

$arr is a predefined variable but with "register globals on" it would be
possible to set your own Array Key. This means when you set

$erg=test
$arr[test]

you could deliver almost every chars you want. My problem is that
i want to deliver a content like that.

$erg=index.html%00
$arr[index.html%00]

The problem is that the Null Byte within the array destroy the array.
My question is if there exist a way to avoid the Null Byte within
the array. For example (im not really familiar with charsets)
to create the Null Byte with the help of f.e. UTF-7 encoded
chars.

If someone has an idea please let me know.

Best regards

Steve


View attachment "steve01.vcf" of type "text/x-vcard" (150 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ