while doing some work using php, i found something interesting which
possibbly can be use to exploit this kind of bug. Instead of injecting
carriage return chr(0x13) you can also inject php terminate code( ?> ) to
stop one line comment (// or #) in php (tested on 5.1.4 on windows).
possibbly can be use to exploit this kind of bug. Instead of injecting
carriage return chr(0x13) you can also inject php terminate code( ?> ) to
stop one line comment (// or #) in php (tested on 5.1.4 on windows).
ex:
<?
//...
[ more ]