Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 18
Members Online: 0

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Computer General | Increasing Security

Author

Poison Null Protection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-08 18:36
Ok well I know it sounds like a noobish and simple question, but I'm looking for a simple way to prevent null byte injections in PHP.

I have looked around a little but I keep finding ways to exploit it rather than fix it.


Author

RE: Poison Null Protection

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 23-06-08 18:47
Sry not to give you help directly, but I don't know php very well... Anyway I googled string "prevent php null byte injections" without quotes and it returned some interesting I'd useful documents


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Poison Null Protection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-08 03:06
http://www.hackit. . .5f341ef29f

The author used a switch case statement that uses pages that are already there as cases and if the user tries to input a page that is not there already, then it goes to the index.php as a default.






Edited by on 24-06-08 03:09
Author

RE: Poison Null Protection

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 24-06-08 09:15
a switch is deffinatly the way to go about it.

it's a long winded way of doing things, but by far the most secure.

example:
Code

switch($_GET['page']){

case 'home':
  include "home.php";
break;

case 'contact':
 include "contact.php";
break;

default:
 include "home.php";

}





http://www.hellboundhackers.org/