character entities

PHP Logic Flaws.

By secgeeks - Posted on July 28th, 2008

Tagged:

440

vote

Today I want to show you a vulnerability[1] found in IceBB by __GiReX__ which was submitted to milw0rm yesterday. It is exactly such vulnerability that happens when programmers trying to invent their own security mechanisms without understanding all the pitfalls it can create. I thought it would be interesting to see how programmers are thinking and learning. Code block 1, that comes from IceBB, contains some interesting thought flow that led to SQL injection, exactly what the programmer wanted to prevent against. read more »


94.  function clean_string($v) 
    {

Recent blog posts

Newly Popular

Drupalit monthly

Drupalit weekly

Drupalit daily

Drupalit hottest

Drupalit latest

Recent comments

Problem solved!!!!
30 weeks 1 day ago
New version here
32 weeks 5 days ago
thanks for sharing.
1 year 1 week ago
links
1 year 1 week ago
Link to preplay
1 year 1 week ago
so now you are on linkedin
1 year 18 weeks ago
Outlook Email search tool
1 year 33 weeks ago
nice tool..
2 years 24 weeks ago
Preplay for windows
2 years 25 weeks ago
yeah,foxit is god
2 years 27 weeks ago

Get SecGeeks Feeds in your email:

Navigation

Who's online

There are currently 0 users and 11 guests online.

BlogRoll

Hack In The Box

http://maltainfosec.org
http://sipvicious.org/blog/
astalavista.com
Fake antivirus removal instructions

Partners

www.techmantras.com
Play Free Bingo at WikiBingo.co.uk
Find the latest Scratch Cards Games
Play bingo with no commitment-bingo winner.
Rent Sell Property
Post your Classified Ads for free
add your link here..