Full Disclosure mailing list archives

Re: Critical PHP bug - act ASAP if you are running web with sensitive data

From: "Slythers Bro" <slythers () gmail com>
Date: Wed, 29 Mar 2006 07:22:12 +0200

<?php
   $host = "127.0.0.1";
   $user = "sqluser";
   $pass = "sqlpass";

 .....

   $foobar=html_entity_decode($_GET['foo']);
   echo $foobar;

?>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
  - Re: Critical PHP bug - act ASAP if you are runningweb with sensitive data FuntKlakow (Mar 28)
  - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Stefan Esser (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Slythers Bro (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Slythers Bro (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Mar 28)
    - Re: PHP html_decode_entity vulnerability Tõnu Samuel (Mar 29)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
    - Re: Critical PHP bug - act ASAP if you are running web with sensitive data Jeff Rosowski (Mar 29)