mailing list archives
Re: Improper Character Handling In PHP Based Scripts like PhpBB, IPB etc.
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 24 Jan 2006 14:56:19 +0300
This characters has a code of 173 (0xAD). What you see or what you do
not see depends only on your current codepage . Probably, this character
will be filtered out by Windows API may be as non-printable or
during conversion from Windows-xxxx to Unicode. PHP have no relation to
--Tuesday, January 24, 2006, 1:43:09 PM, you wrote to full-disclosure () lists grok org uk:
h> Well this was after i found somebody posing as me on my site -->
h> http://www.h4cky0u.org which was actually quite interesting and
h> dangerous (looking from the social engineering point of view).
h> Download the following file -
h> Make sure you download it and not view it from the browser. Once
h> you download that file open it in your text editor. You should see
h> something like-
h> Copy that whole string and try and post it on any PHP Based blog,
h> forum etc or register a username with that string. Now what do you
h> see? The -- part from --desiredusername is gone! But apparently its
h> still there. It still hides within that string(Try and reverse the
h> process you just did). Ok so the bug has been confirmed. Now come the
h> questions -
h> 1) Is this really a bug in PHP (tested with PHP 4.3.11 and later
h> versions might as well be affected)? Or am i overlooking something?
h> 2) What is the ASCII code of that -- part in the file if it isn't
h> just 2 simple hyphens? (Tried all the possible methods but couldnt
h> come up with anything positive.)
h> 3) What are the possible ways to avoid something like this?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/