What happens if you exceed uint32?
Just curious, security-wise, because AFAIR exceeding uint32 would be possible
through superglobals only, which a potential attacker could abuse.
param=foo
param[a]=foo
param[b]=foo
param[c]=foo
param[…]=foo (reaching uint32+1)
On 22 Oct 2014, at 21:15, Nikita
an information leak
vulnerability in PHP which should be fixed.
On 22 Oct 2014, at 21:31, Nikita Popov nikita@gmail.com wrote:
On Wed, Oct 22, 2014 at 9:18 PM, Daniel Zulla daniel.zu...@gmail.com wrote:
What happens if you exceed uint32?
Just curious, security-wise, because AFAIR exceeding
QUERY_STRING is limited; but what about POST/etc.?
I think giving attackers a way to turn a variable into an array is a problem at
large.
On 22 Oct 2014, at 22:08, Anatol Belski a...@php.net wrote:
On Wed, October 22, 2014 21:18, Daniel Zulla wrote:
What happens if you exceed uint32
YEAH ME TOO.
On 17 Oct 2014, at 15:03, Bola Jones bolajo...@gmail.com wrote:
REMOVE FROM LISTS, PLEASE.
2014-10-17 1:51 GMT-03:00 Stas Malyshev smalys...@gmail.com:
Hello!
The PHP development team announces the immediate availability of PHP
5.4.34.
6 security-related bugs were fixed
DOESN’T WORK.
On 17 Oct 2014, at 16:45, Andrea Faulds a...@ajf.me wrote:
HAVE YOU TWO CONSIDERED HTTP://WWW.PHP.NET/unsub.php?
On 17 Oct 2014, at 15:36, Daniel Zulla daniel.zu...@gmail.com wrote:
YEAH ME TOO.
On 17 Oct 2014, at 15:03, Bola Jones bolajo...@gmail.com wrote:
REMOVE
hi list,
i'm working as a penetration tester and php developer for various german
webhosting companies.
i just wanted to ask - what happened to the great idea of tainted-flags in a
development-mode
php interpreter, after 2008?
as far as i can see, there are two implementations:
too:
You take a look at the code, and you just know exactly what's going on.
When magic_quotes and register_globals will, finally, be killed in
PHP6, this could be, finally, a real security feature, couldn't it?
Greets,
Daniel Zulla
[1] Code Example:
<?php
request_init(Array(POST, GET), Array