Actually, adding input sanitisation really wouldn't increase the code size that much. Are you just incompetent?

On Wed, Mar 6, 2013 at 7:46 AM, Źmicier Januszkiewicz <[email protected]> wrote:
> Dear list,
>
> Well, I suppose this had to be a proof-of-concept piece of code to
> demonstrate how port scanning can be done in PHP, not a production-grade
> software. Adding input sanitization would increase the code size by a lot
> and obscure the concept somewhat (not that there is much to be said about
> the concept though). Think we can give the dude some discount for that.
>
> Nevertheless, seeing something like this coming from "Certified Ethical
> Hacker and Security + certified" makes me doubt the worthiness of those
> certificates. Could be nice to know the exact naming of those certificates
> to properly disregard them in the future.
>
> With best regards,
> Z.
>
> 2013/3/6 laurent gaffie <[email protected]>
>
>>
>> http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/
>>
>> Finding the vulnerability in this code is left as an exercise to the
>> reader.
>>
>> PS: "*Your comment will be awaiting moderation forever."*
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
