QUERY_STRING is limited; but what about POST/etc.?
I think giving attackers a way to turn a variable into an array is a problem at
large.
On 22 Oct 2014, at 22:08, Anatol Belski wrote:
> On Wed, October 22, 2014 21:18, Daniel Zulla wrote:
>> What happens if you exceed uint32?
>>
information leak
vulnerability in PHP which should be fixed.
On 22 Oct 2014, at 21:31, Nikita Popov wrote:
> On Wed, Oct 22, 2014 at 9:18 PM, Daniel Zulla wrote:
> What happens if you exceed uint32?
>
> Just curious, security-wise, because AFAIR exceeding uint32 would be possibl
What happens if you exceed uint32?
Just curious, security-wise, because AFAIR exceeding uint32 would be possible
through superglobals only, which a potential attacker could abuse.
param=foo
param[a]=foo&param[b]=foo&param[c]=foo&param[…]=foo (reaching uint32+1)
On 22 Oct 2014, at 21:15, Nikita Popov wrote
DOESN’T WORK.
On 17 Oct 2014, at 16:45, Andrea Faulds wrote:
> HAVE YOU TWO CONSIDERED HTTP://WWW.PHP.NET/unsub.php?
>
>> On 17 Oct 2014, at 15:36, Daniel Zulla wrote:
>>
>> YEAH ME TOO.
>>
>> On 17 Oct 2014, at 15:03, Bola Jones wrote:
>>
>>
YEAH ME TOO.
On 17 Oct 2014, at 15:03, Bola Jones wrote:
> REMOVE FROM LISTS, PLEASE.
>
> 2014-10-17 1:51 GMT-03:00 Stas Malyshev :
>
>> Hello!
>>
>> The PHP development team announces the immediate availability of PHP
>> 5.4.34.
>> 6 security-related bugs were fixed in this release, includin
Hi list,
I'm working as a penetration tester and PHP developer for various German
webhosting companies.
I just wanted to ask - what happened to the great idea of tainted-flags in a
development-mode
PHP interpreter, after 2008?
As far as I can see, there are two implementations:
http://wiki.php.n
ay() and trying to quote it anymore. It's an advantage
for readability too:
You take a look at the code, and you just know exactly what's going on.
When magic_quotes and register_globals will, finally, be killed in
PHP6, this could be, finally, a real security feature, could