PHP Strip_Tags() Function Bypass Vulnerability

It is reported that it is possible to bypass PHPs strip_tags() function.

It is reported that under certain circumstances, PHPs strip_tags() function will improperly leave malformed tags in place.

This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers.

It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus