Full Disclosure mailing list archives

Re: Improper Character Handling In PHP Based Scripts like PhpBB, IPB etc.
From: Patrick Hof <patrickhof () web de>
Date: Tue, 24 Jan 2006 13:11:01 +0100

Edward Pearson <Ed () unityitservices co uk> wrote:
> I can't reproduce this on vBulletin, haven't tried the others.
> Anybody know a good prog to discover what ASCII chars are?

$ python
>>> file = open('poc.txt', 'r')
>>> file.read()
'\xad\xaddesiredusername'


So it's ANSI Hex 0xAD, which is a so-called "soft hyphen". Those won't
be shown by many programs, as

http://www.cs.tut.fi/~jkorpela/shy.html

explains.

HTH, Patrick

-- 
"Take it off or else I break it off." -Leela, with Fry's arm around her


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
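
The byte string shown in the post, run through a registration-side check (an added example, not part of the original message or of any forum package named in the subject). It assumes the input is ISO-8859-1 ("ANSI") as the post suggests; the function names are hypothetical. It goes slightly beyond 0xAD and flags every Unicode format or control character, since those are equally invisible.

```python
import unicodedata

# Unicode general categories that render as nothing in most UIs:
# Cf = format (soft hyphen U+00AD, zero-width space U+200B), Cc = control.
INVISIBLE_CATEGORIES = {"Cf", "Cc"}


def invisible_chars(raw, encoding="latin-1"):
    """Return (offset, codepoint, name) for every invisible character in raw."""
    text = raw.decode(encoding)  # assumption: single-byte "ANSI" input
    return [
        (i, "U+%04X" % ord(ch), unicodedata.name(ch, "<unnamed>"))
        for i, ch in enumerate(text)
        if unicodedata.category(ch) in INVISIBLE_CATEGORIES
    ]


def canonical_username(raw, encoding="latin-1"):
    """Form to compare for uniqueness: NFKC, invisible chars dropped, casefolded."""
    text = unicodedata.normalize("NFKC", raw.decode(encoding))
    visible = "".join(
        ch for ch in text if unicodedata.category(ch) not in INVISIBLE_CATEGORIES
    )
    return visible.strip().casefold()


def collides(candidate, existing):
    """True if candidate displays the same as any already registered name."""
    taken = {canonical_username(name) for name in existing}
    return canonical_username(candidate) in taken


if __name__ == "__main__":
    poc = b"\xad\xaddesiredusername"   # bytes quoted in the post above
    registered = [b"desiredusername"]  # constructed sample account list
    for offset, codepoint, name in invisible_chars(poc):
        print(offset, codepoint, name)
    print("collides with existing account:", collides(poc, registered))
```

A byte-for-byte uniqueness check treats the two names as different, while the canonical form shows they display identically.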
