Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure

PHP Array and Null Bytes

  

 
Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded


steve01 at chello

Nov 10, 2006, 4:27 AM

Post #1 of 3 (707 views)
Permalink
PHP Array and Null Bytes
Hi guys,

some questions to NULL Bytes within PHP Arrays.

Let us assume there exist a php script with the following code.

$erg=$_GET['show']

if(!isset($arr[$erg]) $erg="something";

$arr is a predefined variable but with "register globals on" it would be
possible to set your own Array Key. This means when you set

$erg=test
$arr[test]

you could deliver almost every chars you want. My problem is that
i want to deliver a content like that.

$erg=index.html%00
$arr[index.html%00]

The problem is that the Null Byte within the array destroy the array.
My question is if there exist a way to avoid the Null Byte within
the array. For example (im not really familiar with charsets)
to create the Null Byte with the help of f.e. UTF-7 encoded
chars.

If someone has an idea please let me know.

Best regards

Steve
Attachments: steve01.vcf (0.15 KB)


upbupb at gmail

Nov 11, 2006, 10:05 AM

Post #2 of 3 (659 views)
Permalink
Re: PHP Array and Null Bytes [In reply to]
read the php source, 'array's are implemented in Zend/zend_hash.c :)

On 11/10/06, Stefan Lochbihler <steve01[at]chello.at> wrote:
>
> Hi guys,
>
> some questions to NULL Bytes within PHP Arrays.
>
> Let us assume there exist a php script with the following code.
>
> $erg=$_GET['show']
>
> if(!isset($arr[$erg]) $erg="something";
>
> $arr is a predefined variable but with "register globals on" it would be
> possible to set your own Array Key. This means when you set
>
> $erg=test
> $arr[test]
>
> you could deliver almost every chars you want. My problem is that
> i want to deliver a content like that.
>
> $erg=index.html%00
> $arr[index.html%00]
>
> The problem is that the Null Byte within the array destroy the array.
> My question is if there exist a way to avoid the Null Byte within
> the array. For example (im not really familiar with charsets)
> to create the Null Byte with the help of f.e. UTF-7 encoded
> chars.
>
> If someone has an idea please let me know.
>
> Best regards
>
> Steve
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>


steve01 at chello

Nov 11, 2006, 12:06 PM

Post #3 of 3 (657 views)
Permalink
Re: PHP Array and Null Bytes [In reply to]
Before i start to read the whole source please tell me if php act
according to the rules.

Once again - when i create the following array with apostrophes
<http://odge.de/englisch-deutsch/apostrophe.html> in php

arr['\0'] = ...

the output from <<print_r>> is as follow: Array( [\0] ...)

When i create the array with quotes the output is as follow:

arr["\0"] = ... Array ( Null Byte)

When i create the array from the url with register globals on

arr[%00] the output is as follow: Simply nothing !

PS: read the php source, 'array's are implemented in Zend/zend_hash.c

I know that i could do this, but it cost a lot of time and
therefor i decided
to ask someone who may had the same problem :-)

regards

Steve






upb schrieb:
> read the php source, 'array's are implemented in Zend/zend_hash.c :)
>
> On 11/10/06, Stefan Lochbihler <steve01[at]chello.at> wrote:
>>
>> Hi guys,
>>
>> some questions to NULL Bytes within PHP Arrays.
>>
>> Let us assume there exist a php script with the following code.
>>
>> $erg=$_GET['show']
>>
>> if(!isset($arr[$erg]) $erg="something";
>>
>> $arr is a predefined variable but with "register globals on" it would be
>> possible to set your own Array Key. This means when you set
>>
>> $erg=test
>> $arr[test]
>>
>> you could deliver almost every chars you want. My problem is that
>> i want to deliver a content like that.
>>
>> $erg=index.html%00
>> $arr[index.html%00]
>>
>> The problem is that the Null Byte within the array destroy the array.
>> My question is if there exist a way to avoid the Null Byte within
>> the array. For example (im not really familiar with charsets)
>> to create the Null Byte with the help of f.e. UTF-7 encoded
>> chars.
>>
>> If someone has an idea please let me know.
>>
>> Best regards
>>
>> Steve
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>
Attachments: steve01.vcf (0.15 KB)

Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.