[nycphp-talk] PHP Vulnerability
csnyder
chsnyder at gmail.com
Fri Dec 17 16:11:48 EST 2004
Daniel Convissor wrote:
> You mean _improperly validated_ user input. Come on, who would pass
> unsanitized user input to ANYTHING? :)
Well gees -- you pass unsanitized user input to addslashes(), dontcha?
We're not talking about sending user input to a database query or
shell command -- the unserialize() vulnerability happens inside PHP
itself.