Network Security: Detailed info on Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XS

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XS

from [Florian Weimer] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
Date:	Mon, 31 Oct 2005 21:04:27 +0100

* Stefan Esser:

http://viewcvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c.diff?r1=1.245.2.2&r2=1.245.2.3

I hope this is enough to convince you... (because your bug report has
nothing todo with arrays not beeing escaped at all)


With current PHP, his URL happens to trigger the array escape bug,
though.  Matthew's criticims of PHP's development practices is not
completely unfounded, I'm afraid.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy Message not available [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Florian Weimer <= [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Florian Weimer

Previous by Date:	Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser
Next by Date:	RE: [Full-disclosure] Security, Hacking & Social Engineering Presentation., James Eaton-Lee
Previous by Thread:	Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser
Next by Thread:	[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy
Indexes:	[Date] [Thread] [Top] [All Lists]