Re: [Full-disclosure] PHP Array and Null Bytes
- To: upb <upbupb@xxxxxxxxx>
- Subject: Re: [Full-disclosure] PHP Array and Null Bytes
- From: Stefan Lochbihler <steve01@xxxxxxxxx>
- Date: Sat, 11 Nov 2006 21:06:29 +0100
Before I start to read the whole source, please tell me if PHP acts
according to the rules.
Once again - when I create the following array with apostrophes
<http://odge.de/englisch-deutsch/apostrophe.html> in PHP
arr['\0'] = ...
the output from <<print_r>> is as follows: Array( [\0] ...)
When I create the array with quotes the output is as follows:
arr["\0"] = ... Array ( Null Byte)
When I create the array from the URL with register globals on
arr[%00] the output is as follows: Simply nothing !
PS: read the php source, 'array's are implemented in Zend/zend_hash.c
I know that I could do this, but it costs a lot of time and
therefore I decided to ask someone who may have had the same problem :-)
regards
Steve
upb wrote:
read the php source, 'array's are implemented in Zend/zend_hash.c :)
On 11/10/06, Stefan Lochbihler <steve01@xxxxxxxxx> wrote:
Hi guys,
some questions about NULL bytes within PHP arrays.
Let us assume there exists a PHP script with the following code.
$erg=$_GET['show'];
if(!isset($arr[$erg])) $erg="something";
$arr is a predefined variable but with "register globals on" it would be
possible to set your own array key. This means when you set
$erg=test
$arr[test]
you could deliver almost any chars you want. My problem is that
I want to deliver content like this.
$erg=index.html%00
$arr[index.html%00]
The problem is that the null byte within the array destroys the array.
My question is whether there exists a way to avoid the null byte within
the array. For example (I'm not really familiar with charsets)
to create the null byte with the help of e.g. UTF-7 encoded
chars.
If someone has an idea please let me know.
Best regards
Steve
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
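
Added example, not part of the original thread and not code from PHP or from either poster: it compares the two key literals from the message byte by byte, then shows a hardened form of the quoted `show` lookup. The function name `resolve_page`, the page table and the sample inputs are assumptions constructed for illustration.

```php
<?php
// The two literals from the message, compared byte by byte.
$single = '\0';   // single quotes: no escape processing, backslash followed by "0"
$double = "\0";   // double quotes: octal escape, a single NUL byte

printf("single: len=%d hex=%s\n", strlen($single), bin2hex($single));
printf("double: len=%d hex=%s\n", strlen($double), bin2hex($double));

// PHP string keys are binary-safe, so both are distinct, valid array keys.
$arr = [$single => 'backslash-zero key', $double => 'NUL-byte key'];
foreach ($arr as $k => $v) {
    printf("key hex=%s -> %s\n", bin2hex((string)$k), $v);
}

// Hypothetical hardened version of the lookup in the quoted script.
function resolve_page(array $query): string
{
    // Assigned in code on every call, so request data (for example via
    // register_globals) cannot add or replace keys. Constructed page table.
    $pages   = ['index' => 'index.html', 'about' => 'about.html'];
    $default = 'index';

    $key = $query['show'] ?? $default;

    // Reject non-strings (show[]=x) and anything outside a strict
    // character set; this excludes NUL and every other control byte.
    if (!is_string($key) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $key)) {
        return $pages[$default];
    }

    // Hand back the mapped value, never the raw request string.
    return $pages[$key] ?? $pages[$default];
}

// Constructed sample inputs: valid key, key with trailing NUL, array, missing.
$samples = [['show' => 'about'], ['show' => "index.html\0"], ['show' => ['x']], []];
foreach ($samples as $q) {
    echo resolve_page($q), "\n";
}
```

Because the caller only ever receives a value from the fixed table, a request key containing a NUL byte falls back to the default page instead of reaching any later filesystem call.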