Re: [Full-disclosure] Improper Character Handling In PHP Based Scripts like PhpBB, IPB etc.
- To: Edward Pearson <Ed@xxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Improper Character Handling In PHP Based Scripts like PhpBB, IPB etc.
- From: Disco Jonny <discojonny@xxxxxxxxx>
- Date: Tue, 24 Jan 2006 11:33:44 +0000
Hi,
I don't get a crash, Win2k Mozilla/5.0 (Windows; U; Windows NT 5.0;
en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
However,
If I paste into the Google toolbar that comes with Firefox then both
the -- are removed. When I paste a second time it happens the same
as in
--test then paste again --test
displays
testtest
If I then highlight this and delete it I am still left with the word
test. It would seem that the - symbols get reinterpreted into ASCII
(cause there are 4 of them the word test reappears)
If I do exactly the same with the search box on www.google.co.uk then I
get 1 minus sign in the box and when I highlight and delete all I get
'st' (leading me to believe it's the - symbols)
Don't know if this helps
Cheers.
dj
On 24/01/06, Edward Pearson <Ed@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Ok,
> I can reproduce it, try pasting the two chars in question into ANY textbox
> in FF 1.5 twice. Please inform me if you get a crash.
>
> *Edward Pearson - IT Engineer*
> t: 0870 851 8188
> f: 0870 851 8198
> m: 07729 155751
> w: www.unityitservices.co.uk 9 Fishers Estate | Wiggenhall Road | Watford
> | Hertfordshire | WD18 0FN
>
> Support Contracts Software Solutions Broadband Disaster Recovery
> Hardware Sales Hosting Services Database Development Network Installations
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>