Full Disclosure mailing list archives

Re: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc.

From: Patrick Hof <patrickhof () web de>
Date: Tue, 24 Jan 2006 13:11:01 +0100

Edward Pearson <Ed () unityitservices co uk> schrieb:

I can't reproduce this on vBulletin, Haven't tried the others.
Anybody know a good prog to discover what ASCII chars are?


$ python

file = open('poc.txt', 'r')
file.read()

'\xad\xaddesiredusername'


So it's ANSI Hex 0xAD, which is a so-called "soft hyphen". Those won't
be shown by many programs, as

http://www.cs.tut.fi/~jkorpela/shy.html

explains.

HTH, Patrick

-- 
"Take it off or else I break it off." -Leela, with Fry's arm around her

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

RE: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc. Edward Pearson (Jan 24)
- Re: Improper Character Handling In PHP BasedScriptslike PhpBB, IPB etc. Brian Dessent (Jan 24)
- Re: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc. Patrick Hof (Jan 24)
- <Possible follow-ups>
- RE: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc. Edward Pearson (Jan 24)