WebApp Sec mailing list archives
Re: PHP variable sanitization functions
From: "Gavin Zuchlinski" <gzuchlinski () pgsit org>
Date: Mon, 25 Aug 2003 12:40:23 -0400
> Your sanitize_sql_string function allows backslash.
Thanks for pointing that out, it is now fixed.
> Your sanitize_system_string function allows the string to contain newlines and quotation marks. An attacker could close the argument with a quotation mark, add a newline, and then run an arbitrary command.
Again thanks, I originally went through a bash reference but horribly neglected to include quotes. Some of the changes Liam mentioned were added to the code early this morning quickly before I headed off to class, so some people might have gotten the updated code without realizing it was updated. Also thanks to Jamie Pratt, I created a separate sanitize_html_string which is intended to stop XSS. Please help me by critiquing that some more. The page is http://libox.net/sanitize.php

-Gavin Zuchlinski
http://libox.net/
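As an added illustration (not the libox.net code, which this message does not reproduce), the two defects quoted above beside a hardened form; the function names mirror the thread but the bodies, and the constructed inputs, are assumptions of this example.

```php
<?php
// Added example: not the libox.net functions. Names follow the thread;
// bodies are illustrative reimplementations of the described defects.

// Weak shell sanitizer modelled on Liam's second remark: it strips a few
// metacharacters but leaves quotes and newlines, so a value can close the
// quoted argument and start a new command line.
function weak_sanitize_system_string($s) {
    return str_replace(array(';', '|', '&', '$', '`'), '', $s);
}

// Hardened: reject instead of strip. Only a short allow-list is accepted
// (\z is used rather than $, which in PCRE matches before a trailing
// newline) and the value is still wrapped by escapeshellarg().
function sanitize_system_string($s) {
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}\z/', $s)) {
        return false;
    }
    return escapeshellarg($s);
}

// Weak SQL sanitizer modelled on Liam's first remark: the quote is
// escaped but the backslash is not, so \' becomes \\' (an escaped
// backslash followed by a live quote) in a MySQL-style string literal.
function weak_sanitize_sql_string($s) {
    return str_replace("'", "\\'", $s);
}

// Hardened MySQL-style escaping: strtr() replaces in a single pass, so
// the backslash is escaped once and no output is re-escaped. Bound
// parameters remain the better option where the driver offers them.
function sanitize_sql_string($s) {
    return strtr($s, array(
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0",  "\n" => "\\n", "\r" => "\\r",
    ));
}

// Constructed inputs exercising each defect.
$shell_in = "foo\"\nid";   // quote, newline, then a second command
$sql_in   = "\\' x";       // backslash-quote breakout

var_dump(weak_sanitize_system_string($shell_in) === $shell_in); // bool(true): passes untouched
var_dump(sanitize_system_string($shell_in));                     // bool(false): rejected
var_dump(weak_sanitize_sql_string($sql_in));                     // string "\\' x": quote still live
var_dump(sanitize_sql_string($sql_in));                          // string "\\\' x": both escaped
```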