Dear list, Well, I suppose this had to be a proof-of-concept piece of code to demonstrate how port scanning can be done in PHP, not a production-grade software. Adding input sanitization would increase the code size by a lot and obscure the concept somewhat (not that there is much to be said anout the concept though). Think we can give the dude some discount for that.
Nevertheless, seeing something like this coming from "Certified Ethical Hacker and Security + certified" makes me doubt the worthness of those certificates. Could be nice to know the exact naming of those certificates to properly disregard them in the future. With best regards, Z. 2013/3/6 laurent gaffie <[email protected]> > http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/ > > Finding the vulnerability in this code is left as an exercise to the > reader. > > PS: "*Your comment will be awaiting moderation forever."* > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
