Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Re: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
From: "Siegfried" <admin () zone-h fr>
Date: Sun, 2 Apr 2006 09:00:26 +0200 (CEST)

This is actually what i wanted to say, "that" stripslashes if you prefer,
i'm not sure if he wanted to use it to validate the input, or that would
be really dumb, but anyway it's really not important at all....

i leave you to the n3td3v trolls now, have fun, but keep an eye on all
advisories :)

Siegfried

Le Dim 2 avril 2006 08:47, Jasper Bryant-Greene a écrit :
Siegfried wrote:
Yes like you said there is no check, because the stripslashes is a joke.
And yes this script isn't famous at all, but it was just to show a
recent
example of an error in the advisory, even if this one is just a detail

Stripslashes is not a joke, it's just not designed for what its being
used for. The developer that tries to use it for input
validation/checking, now *there's* the joke!

--
Jasper Bryant-Greene
General Manager
Album Limited

http://www.album.co.nz/     0800 4 ALBUM
jasper () album co nz          021 708 334



-- 
Zone-H Admin
admin () zone-h fr
www.zone-h.org
www.zone-h.fr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault