Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] strip_tags() but not only vulnerability

from [Tõnu Samuel] Network Security [Permanent Link]
Subject: [Full-disclosure] strip_tags() but not only vulnerability
Date: Wed, 29 Mar 2006 16:15:14 +0300 
Some time ago I wrote document describing common problem with cleaning up 
HTML. PHP manual states some little warning about topic but no solution on 
http://www.php.net/strip_tags

Many websites are still vulnerable and similar problems happen not depending 
on programming language too often:

http://www.jes.ee/~tonu/strip.php

Please do not start flamewar, I know some people might find this information 
useful. Yes, it is not "advanced" and this is why people often do not notice 
the problem.

  Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] strip_tags() but not only vulnerability, Tõnu Samuel <=
Previous by Date:  [Full-disclosure] Re: [MPlayer-users] [xfocus-SD-060329]MPlayer: Multiple integer overflows, Attila Kinali
Next by Date:  [Full-disclosure] EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability., Mustafa Can Bjorn IPEKCI
Previous by Thread:  [Full-disclosure] [ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd, Stefan Cornelius
Next by Thread:  [Full-disclosure] EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability., Mustafa Can Bjorn IPEKCI
Indexes:  [Date] [Thread] [Top] [All Lists]