Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Improper Character Handling In PHP Based Scripts like PhpBB, IPB etc.
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Tue, 24 Jan 2006 14:23:50 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
this range of chars \xA? is known to bug in various applications, this
would have been better h4cky0u to stfu :>

h4cky0u wrote:
Well this was after i found somebody posing as me on my site -->
http://www.h4cky0u.org which was actually quite interesting and
dangerous  (looking from the social engineering point of view).

Download the following file -

http://www.h4cky0u.org/poc.txt

Make sure you download it and not view it from the browser.  Once
you download that file open it in your text editor. You should see
something like-

--desiredusername
Copy that whole string and try and post it on any PHP Based blog,
forum etc or register a username with that string. Now what do you
see? The -- part from --desiredusername is gone! But apparently its
still there. It still hides within that string(Try and reverse the
process you just did). Ok so the bug has been confirmed. Now come
the questions -

1) Is this really a bug in PHP (tested with PHP 4.3.11 and later
versions might as well be affected)? Or am i overlooking something?

2) What is the ASCII code of that -- part in the file if it isn't
just 2 simple hyphens? (Tried all the possible methods but couldnt
come up with anything positive.)

3) What are the possible ways to avoid something like this?

--
http://www.h4cky0u.org
(In)Security at its best...

----------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9YqZq+LRXunxpxfAQLKKA//fRL7O6scQ4a1IhKSPczI1j7CQzWt7w7G
UC8nqY63Ep7L6WZBpFCgEzv4cpKb90TkesAxzD5qvXczJOjhVG9sPcwbGER6qOKf
d1jJaajqLbBecpQqvuxZBluCDdWAH9IkULYfPXko5VshamESIPxZAVGYzlq6DpYe
KnLx6pYLz9hQApJ3GTvnuatMPiqnIiXYEDdORxcFAifx0Kyfa54QxgXV8ibvbEQ+
zx+8FtFALEHaV/9S1f4SPQvxIO4r2lqMEugOxhYCPsnWUqIbm6ZOWcUW5AIVpT5L
wt2pTIia8G4d4ylyOChUmv1cymCBjV7LFkzdJLYiaxZGZFOAvd1iLSgGqxBL86Go
uuCd91aAKrZJizCIPBuuVyhRgbwA7e1iH9rZkJTUtQejngDccad3cMSWX/51zf8Y
u2QDsqiQXWE/YCoREnBtEcrE64tvAFbnJ1olfJ4yr9RGiVbE84HTddRVp1dQ5Ktx
JMpUhoYvaw3hib/wLixkkDrGPAVb4O/he9jrfdanb9/EVx93Qc2Phv59LvAAfr/m
DAmMaBBRrVHDrqpjpMoOeFHF0b6/9ajHQ/bLVYqncUJkR+cAZ9qxfO82TYldcZyr
VY9uAMIRSbXMyMA1gWp8o85gRZsbX5D13SbqL4o+Klmp4M8Y4vKTjCQPX1VpXmxR
1c20JSi80wc=
=ZN6t
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]