[Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Moriyoshi Koizumi
moriyoshi at at.wakwak.com
Thu Apr 6 01:58:41 BST 2006
Peter Conrad wrote:
>Hi,
>
>On Mon, Apr 03, 2006 at 11:06:01PM +0900, Moriyoshi Koizumi wrote:
>
>
>>While this is not part of the HTML / HTTP standards, major
>>browsers
>>around try to send such characters in the user input as HTML entities
>>that cannot
>>all be represented in the encoding of the originating HTML page
>>
>>
>
>out of curiosity: can you give an example for that behaviour? I've
>never seen it.
>
>
http://www.voltex.jp/~moriyoshi/test/demo.php
Moriyoshi
Full-Disclosure is hosted and sponsored by Secunia.