Morning, I wonder when we will see: PHP include() PHP Code Injection on Bugtraq ;)
[X] Injecting HTTP headers is indeed possible with his technique. [X] -> You can inject Cookies... [X] Injecting Part of the Body is possible, too. [X] Browsers ignore anything in the Body when "Location" is used. [ ] His Java Script will be executed. Stefan Esser PS: Is php-dev censored? Or why disappeared my mail about MD5/GPG signs of PHP 4.2.3... Is there some autofilter on "group says everytime: we do it the next time?" -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
