ShortNews

   
                 11/21/2009 10:14 AM  
01/27/2002 02:16 PM ID: 16480

Poisoned Cookie Hole

 

On *nix systems, the PHP functions fopen(), require() and include() are seriously vulnerable to the poison null byte: they drop anything that happens to follow the null in the filename.

PHP-Nuke uses Base64 encoding to store user info in a cookie, and fails to check for special characters when decoding it with base64_decode(). This lets anyone change SQL query criteria and opens a door to /etc/passwd.

The patch is at the source URL.
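
An added example (not taken from the source advisory or from PHP-Nuke's code) of the two checks these flaws call for: validating the cookie after base64_decode() and refusing filenames that contain a null byte. The `id:name:hash` cookie layout, the function names and the `pages/` directory are assumptions made for illustration.

```php
<?php
// Added example. The "id:name:hash" layout and all names here are assumptions.

// Decode a base64 cookie; return its fields, or null if anything is unexpected.
function decode_user_cookie(string $cookie): ?array
{
    // Strict mode fails on characters outside the base64 alphabet.
    $raw = base64_decode($cookie, true);
    if ($raw === false || $raw === '') {
        return null;
    }
    // Reject NUL and other control bytes before the value reaches a query or path.
    if (preg_match('/[\x00-\x1f\x7f]/', $raw)) {
        return null;
    }
    $parts = explode(':', $raw);
    if (count($parts) !== 3) {
        return null;
    }
    [$id, $name, $hash] = $parts;
    // Allowlist each field's alphabet, so quotes and other SQL metacharacters never pass.
    if (!ctype_digit($id)
        || !preg_match('/\A[A-Za-z0-9_-]{1,25}\z/', $name)
        || !preg_match('/\A[a-f0-9]{32}\z/', $hash)) {
        return null;
    }
    return ['id' => (int) $id, 'name' => $name, 'hash' => $hash];
}

// Map a requested page name to a file through an allowlist, never by concatenation.
function resolve_page(string $page, array $allowed): ?string
{
    // A NUL anywhere in the name is refused outright rather than silently truncated.
    if (strpos($page, "\0") !== false) {
        return null;
    }
    return in_array($page, $allowed, true) ? __DIR__ . "/pages/{$page}.php" : null;
}

// Constructed sample inputs.
$good   = base64_encode('42:alice:' . md5('constructed'));
$quoted = base64_encode("42:ali'ce:" . md5('constructed'));
$nulled = base64_encode("42:alice\0:" . md5('constructed'));

var_dump(decode_user_cookie($good));
var_dump(decode_user_cookie($quoted));
var_dump(decode_user_cookie($nulled));
var_dump(resolve_page("news\0.txt", ['home', 'news']));
var_dump(resolve_page('news', ['home', 'news']));
```

Fields that pass validation should still be bound as query parameters rather than interpolated into SQL.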

 
  Source: www.securityfocus.com  
  WebReporter: kremens
 
Copyright ©2009 ShortNews GmbH & Co. KG, Contact: info@shortnews.com