PHP Strip_Tags() Function Bypass Vulnerability

No exploit is required, but an example was provided.

If a web application uses strip_tags() similar to:
$example = strip_tags($_REQUEST['user_input'], "<b><i><s>");

Then possible tags that may lead to exploitation might be:
<\0script> or <s\0cript>


 

Privacy Statement
Copyright 2010, SecurityFocus