Phabricator: Bypass (2)

ID H1:2233
Type hackerone
Reporter tomvg
Modified 2014-03-26T01:04:47


This vulnerability has the same effect as my previously reported bug #2224 Bypass, but uses a very different approach, bypassing the current fix.

Instead of truncating through length, this vulnerability uses truncation via MySQL’s (weird) behaviour on inserting Unicode characters with code points greater than 0xFFFF into columns that have a utf8 charset. MySQL then truncates a string as soon as it reaches such a character. For more info, see How to support full Unicode in MySQL databases by @mathias.

To replicate, register an account with the following address: 𝌆

I would suggest reconsidering not verifying email addresses, as was mentioned here.
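The truncation described in the report can be modelled and guarded against before the INSERT. The following is an added example, not part of the original report or of Phabricator's code: the function names and sample strings are constructed, and the `strict` flag stands in for MySQL's strict SQL mode, which rejects the value instead of truncating it.

```python
# Added example: models how a legacy MySQL `utf8` (3-byte, a.k.a. utf8mb3)
# column treats code points above U+FFFF, and a guard to run before INSERT.
# All names here are hypothetical; this is a model, not a MySQL client.

MAX_BMP = 0xFFFF  # highest code point a 3-byte utf8 column can hold


class IncorrectStringValue(ValueError):
    """Stands in for MySQL's 'Incorrect string value' error in strict mode."""


def first_supplementary_index(value: str) -> int:
    """Index of the first code point above U+FFFF, or -1 if there is none."""
    for i, ch in enumerate(value):
        if ord(ch) > MAX_BMP:
            return i
    return -1


def simulate_utf8mb3_store(value: str, strict: bool = False) -> str:
    """Return what the column would hold after the INSERT."""
    idx = first_supplementary_index(value)
    if idx == -1:
        return value
    if strict:
        raise IncorrectStringValue(f"4-byte character at index {idx}")
    return value[:idx]  # non-strict mode: truncated, only a warning is raised


def safe_to_store(value: str) -> bool:
    """True only if the stored value will equal the value that was validated."""
    return first_supplementary_index(value) == -1


# Constructed sample inputs (not taken from the report).
SAMPLES = ["plain-ascii", "caf\u00e9 \u2603", "left\U0001D306right"]

if __name__ == "__main__":
    for s in SAMPLES:
        stored = simulate_utf8mb3_store(s)
        print(f"{s!r}: safe={safe_to_store(s)} stored={stored!r}")
```

Running `safe_to_store` on the exact string that was validated, or storing into a `utf8mb4` column, keeps the validated value and the stored value identical.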