Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Critical PHP bug - act ASAP if you are running web with sensitive data
From: "John Bond" <john.r.bond () gmail com>
Date: Tue, 4 Apr 2006 14:29:26 +0100

On 3/29/06, Jeff Rosowski <rosowskij () ie ymp gov> wrote:

It also doesn't affect all versions of PHP.  on 5.0.5, it returns \0
followed by however many Ss you put after it. And your right you wouldn't
trust user imput like that.


I get this behaviour on php v5.0.4 on windows box

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]