Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Re: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
From: "Siegfried" <admin () zone-h fr>
Date: Sun, 2 Apr 2006 09:00:26 +0200 (CEST)

This is actually what i wanted to say, "that" stripslashes if you prefer,
i'm not sure if he wanted to use it to validate the input, or that would
be really dumb, but anyway it's really not important at all....

i leave you to the n3td3v trolls now, have fun, but keep an eye on all
advisories :)


Le Dim 2 avril 2006 08:47, Jasper Bryant-Greene a écrit :
Siegfried wrote:
Yes like you said there is no check, because the stripslashes is a joke.
And yes this script isn't famous at all, but it was just to show a
example of an error in the advisory, even if this one is just a detail

Stripslashes is not a joke, it's just not designed for what its being
used for. The developer that tries to use it for input
validation/checking, now *there's* the joke!

Jasper Bryant-Greene
General Manager
Album Limited

http://www.album.co.nz/     0800 4 ALBUM
jasper () album co nz          021 708 334

Zone-H Admin
admin () zone-h fr

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]