> https://www.xxx.co.uk/register.php";| grep "123"

I wonder what kind of browser could make this, probably a hacker-made one!

This URL will have to be translated into its equivalent URI, if using
GET the HTTP message's start line would look like:

GET /register.php"| grep "123" HTTP/1.1

First of all, the HTTP protocol states that the start line should contain:
METHOD <one or more spaces> URI <one or more spaces> HTTP/1.1
So, this is clearly violated as there are two spaces surrounding grep,
i believe if the server has trouble with this request, it's not yet at
the PHP level... it's an HTTP issue, clearly server related.  You wont
detect this with PHP, and if you do detect anything, it means your
server has modified it so you could...  for example, in this case it
might convert the whole "| grep "123" into a single get argument's
name, it could be simply removed/ignored, the server could try to see
if there is a file named `/register.php"| grep "123"` and returns a
404... but the only acceptable behavior in this case is for the server
to return 400  (read

Good luck!

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to