20 Mar, 2007
Many web apps use code similar to this:
header('Content-Disposition: attachment;filename='.$name);
Forgetting about header splitting here…
What is wrong? If the name has a space in it, it violates RFC 2231.
Why? RFC 2231 allows for the use of extended characters within the filename, for example international characters.
Internet Explorer does not support internationalisation, and thus will read till the end of the line. (:: rolls eyes ::)
A fixed example:
rmnl() removes occurrences of \r and \n.
header('Content-Disposition: attachment;filename="'.str_replace('"', '-', rmnl($name)).'.m3u"');
You could also use addslashes() on $name, but be aware that some file systems won't allow quotes (e.g. NTFS); Firefox in that case automatically converts the " into a -.
Regards,
Steven Roddis
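A fuller version of the fix above, as an added example that is not code from the original post: it strips CR/LF, emits a quoted ASCII fallback, and goes one step further by adding the RFC 2231 extended parameter (filename*) when the name contains characters the quoted form cannot carry. The function names are hypothetical and $name is assumed to be UTF-8.

```php
<?php
// Added example; function names are hypothetical, not from the original post.

// Remove CR and LF so user input cannot end the header line early.
function strip_newlines(string $s): string
{
    return str_replace(["\r", "\n"], '', $s);
}

// Build the header value. Assumes $name is UTF-8.
function content_disposition(string $name): string
{
    $name = strip_newlines($name);

    // Quoted ASCII fallback: every byte outside printable ASCII becomes "_",
    // and the two characters special inside a quoted-string become "-".
    $fallback = preg_replace('/[^\x20-\x7E]/', '_', $name);
    $fallback = str_replace(['"', '\\'], '-', $fallback);

    $value = 'attachment; filename="' . $fallback . '"';

    // If the fallback lost information, also send the RFC 2231 extended
    // form: charset, empty language, then the percent-encoded name.
    if ($fallback !== $name) {
        $value .= "; filename*=UTF-8''" . rawurlencode($name);
    }
    return $value;
}

// Constructed sample names, including a header-splitting attempt.
$samples = [
    'my playlist.m3u',
    "list\r\nSet-Cookie: a=b.m3u",
    'naïve "mix".m3u',
];
foreach ($samples as $name) {
    echo 'Content-Disposition: ' . content_disposition($name) . "\n";
}
```

Pass the returned string to header() with the 'Content-Disposition: ' prefix, as the sample loop prints it.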
14 Mar, 2007
Can’t remember which arguments you have to use with tar, etc.?
*.tgz use tar -zxvf
*.tar.bz2 use tar -jxvf
*.tar.bzip2 use tar -jxvf
*.zip use unzip
*.tar use tar -xvf
*.bz2 use bunzip2 -d -v
*.gz use gunzip -d -v
*.arj use unarj
*.lha use lha x
*.ace use unace
*.rar use rar x (Note: on some systems “unrar”, others “unrar x”)
*.cab use cabextract (Note: Some .cab files need unshield (apt-get install unshield))
*.Z use uncompress
*.zoo use zoo -extract
*.chm use chmextract
*.xpi use unzip
*.jar use jar xvf
*.deb use ar xv
*.lzo use lzop -x
*.7z use 7z x
Steven.
10 Mar, 2007
Ok, you’re on some channel on an IRC network… yada yada… so loser wants to hack you…
>Yeah, my IP is 127.0.0.1 go hack it…
Looks like they tried to…
There is your laugh for today…
I would have thought DShield would have filtered out bogus firewall logs…
Hm.. NULL even tried some hacking…
I wonder if 255.255.255.255 did?
9 Mar, 2007
Today I needed to use curl, but this time via an HTTP proxy that required authentication:
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, 'proxy.mybusiness.null:8080');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');
Easy, huh? Just add those three lines before you call curl_exec().
Steven.
7 Mar, 2007
Stefan Esser of the Hardened-PHP Project posted a security advisory of a flaw in ModSecurity regarding POST Data NULL Byte Rule Bypass.
The problem is that it is possible to bypass rules by adding NULL bytes to POST data with the application/x-www-form-urlencoded media type.
Now the funny part:
SOLUTION:
Do not rely solely on ModSecurity to block attacks.
ModSecurity isn’t a magical anti-hack solution, and the people who use it know that. Kinda stating a very obvious fix. How about “turn off scripting” :) [IE]
Steven.
4 Mar, 2007
The guys over at the Hardened-PHP Project have started a Month of PHP Bugs, whereby they set out to find vulnerabilities in the PHP core (not any specific application). At the time of writing, they are up to their 9th flaw. You can see all the action at php-security.org.
2 Mar, 2007
Yesterday I made another presentation at the Sydney PHP Group February Meeting.
This time about dealing with comment spam.
For those who are interested, my slides are in S5 format (xHTML + CSS + JScript).