PHP Information Disclosure Vulnerability
Information Disclosure Vulnerability found in PHP versions below PHP 5.1.3 RC1
The PHP ‘html_entity_decode()’ function is prone to an information-disclosure vulnerability. The issue arises when a script that uses the function accepts data from a remote untrusted source and returns the function’s result to an attacker.
<?php
// Decodes HTML entities in untrusted input and echoes the result back to the client.
$foobar = html_entity_decode($_GET['foo']);
echo $foobar;
?>
Running it with the URL:
http://www.example.com/index.php?foo=%00ss
Source :: unknown
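A defensive version of the script above, as an added example that is not part of the original post: it rejects parameters containing NUL or other control bytes (such as the %00 in the URL above) before they reach html_entity_decode(), and encodes the result for output. The helper name safe_entity_decode is hypothetical, and the filter is only a workaround; upgrading to PHP 5.1.3 RC1 or later is the fix.

```php
<?php
// Added example: input filtering in front of html_entity_decode().
// safe_entity_decode() is a hypothetical helper, not a PHP built-in.

/**
 * Decode HTML entities only when the input is a plain string without
 * NUL or other control bytes. Returns null when the input is rejected.
 */
function safe_entity_decode($raw)
{
    // Parameters sent as foo[]=x arrive as arrays; refuse them here.
    if (!is_string($raw)) {
        return null;
    }
    // Refuse NUL and other control bytes, allowing tab, LF and CR.
    // The pattern is single-quoted, so PCRE interprets the \x escapes.
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $raw)) {
        return null;
    }
    return html_entity_decode($raw, ENT_QUOTES, 'UTF-8');
}

$foo = isset($_GET['foo']) ? $_GET['foo'] : '';
$decoded = safe_entity_decode($foo);

if ($decoded === null) {
    // A request such as ?foo=%00ss ends here and never reaches the decoder.
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid input');
}

// The decoded value is still untrusted text, so encode it for the HTML context.
echo htmlspecialchars($decoded, ENT_QUOTES, 'UTF-8');
```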
This entry was posted on Tuesday, August 22nd, 2006 at 8:01 am and is filed under General.




