Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbStefan EsserEDB-ID:24280
HistoryJul 14, 2004 - 12:00 a.m.

PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass

2004-07-1400:00:00
Stefan Esser
www.exploit-db.com
31

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/10724/info

It is reported that it is possible to bypass PHPs strip_tags() function.

It is reported that under certain circumstances, PHPs strip_tags() function will improperly leave malformed tags in place.

This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers.

It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue. 

If a web application uses strip_tags() similar to:
$example = strip_tags($_REQUEST['user_input'], "<b><i><s>");

Then possible tags that may lead to exploitation might be:
<\0script> or <s\0cript>

Related

nvd 1
packetstorm 1
nessus 13
openvas 14
securityvulns 2
cve 1
freebsd 1
cvelist 1
debian 3
redhat 2
slackware 1
gentoo 1
osv 2
exploitdb 1
exploitpack 1
suse 1
nvd
nvd
CVE-2004-0595
2004-07-27 04:00:00
packetstorm
packetstorm
mambo453.txt
2006-02-26 00:00:00
nessus
nessus
FreeBSD : php -- strip_tags XSS vulnerability (edf61c61-0f07-11d9-8393-000103ccf9d6)
2005-07-13 00:00:00
Debian DSA-669-1 : php3 - several vulnerabilities
2005-02-10 00:00:00
SUSE-SA:2004:021: php4/mod_php4
2004-07-25 00:00:00
openvas
openvas
php -- strip_tags cross-site scripting vulnerability
2008-09-04 00:00:00
php -- strip_tags cross-site scripting vulnerability
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200407-13 (PHP)
2008-09-24 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Advisory 12/2004: PHP strip_tags&#40;&#41; bypass vulnerability
2004-07-14 00:00:00
Mambo Multiple Vulnerabilities
2006-02-25 00:00:00
cve
cve
CVE-2004-0595
2004-07-27 04:00:00
freebsd
freebsd
php -- strip_tags cross-site scripting vulnerability
2004-07-07 00:00:00
cvelist
cvelist
CVE-2004-0595
2004-07-16 04:00:00
debian
debian
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
osv
osv
php3 - several
2005-02-07 00:00:00
php4 - several vulnerabilities
2004-07-20 00:00:00
exploitdb
exploitdb
Mambo &lt; 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
exploitpack
exploitpack
Mambo 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:24280
nvd1packetstorm1nessus13openvas14securityvulns2cve1freebsd1cvelist1debian3redhat2slackware1gentoo1osv2exploitdb1exploitpack1suse1