[Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
moriyoshi at at.wakwak.com
Thu Apr 6 01:58:41 BST 2006
Peter Conrad wrote:
>On Mon, Apr 03, 2006 at 11:06:01PM +0900, Moriyoshi Koizumi wrote:
>>While this is not part of the HTML / HTTP standards, major
>>around try to send such characters in the user input as HTML entities
>>all be represented in the encoding of the originating HTML page
>out of curiosity: can you give an example for that behaviour? I've
>never seen it.
Full-Disclosure is hosted and sponsored by Secunia.