[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Re: Re: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Re: Re: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
- From: "Siegfried" <admin@xxxxxxxxx>
- Date: Sun, 2 Apr 2006 09:00:26 +0200 (CEST)
This is actually what i wanted to say, "that" stripslashes if you prefer,
i'm not sure if he wanted to use it to validate the input, or that would
be really dumb, but anyway it's really not important at all....
i leave you to the n3td3v trolls now, have fun, but keep an eye on all
advisories :)
Siegfried
Le Dim 2 avril 2006 08:47, Jasper Bryant-Greene a écrit :
> Siegfried wrote:
>> Yes like you said there is no check, because the stripslashes is a joke.
>> And yes this script isn't famous at all, but it was just to show a
>> recent
>> example of an error in the advisory, even if this one is just a detail
>
> Stripslashes is not a joke, it's just not designed for what its being
> used for. The developer that tries to use it for input
> validation/checking, now *there's* the joke!
>
> --
> Jasper Bryant-Greene
> General Manager
> Album Limited
>
> http://www.album.co.nz/ 0800 4 ALBUM
> jasper@xxxxxxxxxxx 021 708 334
>
--
Zone-H Admin
admin@xxxxxxxxx
www.zone-h.org
www.zone-h.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/