Full Disclosure mailing list archives
Re: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc.
From: Patrick Hof <patrickhof () web de>
Date: Tue, 24 Jan 2006 13:11:01 +0100
Edward Pearson <Ed () unityitservices co uk> schrieb:
I can't reproduce this on vBulletin, Haven't tried the others. Anybody know a good prog to discover what ASCII chars are?
$ python
file = open('poc.txt', 'r') file.read()
'\xad\xaddesiredusername'
So it's ANSI Hex 0xAD, which is a so-called "soft hyphen". Those won't be shown by many programs, as http://www.cs.tut.fi/~jkorpela/shy.html explains. HTH, Patrick -- "Take it off or else I break it off." -Leela, with Fry's arm around her
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc. Edward Pearson (Jan 24)
- Re: Improper Character Handling In PHP BasedScriptslike PhpBB, IPB etc. Brian Dessent (Jan 24)
- Re: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc. Patrick Hof (Jan 24)
- <Possible follow-ups>
- RE: Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc. Edward Pearson (Jan 24)