Full Disclosure mailing list archives
Re: Re: Re: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
From: "Siegfried" <admin () zone-h fr>
Date: Sun, 2 Apr 2006 09:00:26 +0200 (CEST)
This is actually what I wanted to say, "that" stripslashes if you prefer, I'm not sure if he wanted to use it to validate the input, or that would be really dumb, but anyway it's really not important at all.... I leave you to the n3td3v trolls now, have fun, but keep an eye on all advisories :)

Siegfried

On Sun, 2 April 2006 08:47, Jasper Bryant-Greene wrote:
Siegfried wrote:

Yes like you said there is no check, because the stripslashes is a joke. And yes this script isn't famous at all, but it was just to show a recent example of an error in the advisory, even if this one is just a detail

Stripslashes is not a joke, it's just not designed for what it's being used for. The developer that tries to use it for input validation/checking, now *there's* the joke!

--
Jasper Bryant-Greene
General Manager
Album Limited
http://www.album.co.nz/
0800 4 ALBUM
jasper () album co nz
021 708 334
--
Zone-H Admin
admin () zone-h fr
www.zone-h.org
www.zone-h.fr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/