Re: [Full-disclosure] Improper Character Handling In PHP BasedScriptslike PhpBB, IPB etc.

2006-01-24 Thread Disco Jonny 
Hi,

I dont get a crash, Win2k Mozilla/5.0 (Windows; U; Windows NT 5.0;
en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

However,

If i paste into the google toolbar that comes with firefox then both
the -- are removed. when I paste a second time it happens the same

as in
--test then paste again --test
displays
testtest

If i then highlight this and delete it i am still left with the word
test. It would seem that the - symbols get reinterpreted into acsii
(cause there is 4 of them the word test reappears)

If i do exactly the same with the seach box on www.google.co.uk then i
get 1 minus sign in the box and when i highlight and delete all i get
'st' ( leading me to believe its the - symbols)

dont know if this helps

Cheers.

djOn 24/01/06, Edward Pearson [EMAIL PROTECTED] wrote:





Ok,
I can reproduce it, 
try pasting the two chars in question into ANY textbox in FF 1.5 twice, Please 
inform me if you get a crash.



  
  
Edward Pearson - IT 
  Engineert: 0870 851 8188f: 0870 
  851 8198m: 07729 155751w: 
www.unityitservices.co.uk

  
9 Fishers Estate 
  | Wiggenhall Road |
 
  Watford | Hertfordshire |
 WD18 
  0FN



Support Contracts Software SolutionsBroadband 
Disaster RecoveryHardware SalesHosting Services Database Development 
Network Installations 


___Full-Disclosure - We believe in it.Charter: 
http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Improper Character Handling In PHP BasedScriptslike PhpBB, IPB etc.

2006-01-24 Thread Brian Dessent 
Edward Pearson wrote:

 Anybody know a good prog to discover what ASCII chars are?

Jesus, what has the world come to when people on a security list can't
even seem to work a hex editor?  Do you realize how pathetic that
sounds?

The character in question is U+00AD aka SOFT HYPHEN. 
http://www.cs.tut.fi/~jkorpela/shy.html

Brian
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Improper Character Handling In PHP BasedScriptslike PhpBB, IPB etc.

2006-01-24 Thread Daniel Veditz 
Edward Pearson wrote:
 Ok,
 I can reproduce it, try pasting the two chars in question into ANY
 textbox in FF 1.5 twice, Please inform me if you get a crash.

This is https://bugzilla.mozilla.org/show_bug.cgi?id=319914, fixed in
the release candidate for Firefox 1.5.0.1

http://weblogs.mozillazine.org/qa/archives/2006/01/firefox_rc1_candidate_availabl.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/