Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Shoutbox last character hack

I just found what if last character in shoutbox is & or " or ' , in some situations it will get corrupted
Message:
CodeDownload  
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111  *


In this case 111... is just to fill space, it can be any character except & or " or '.
Now replace * in message with & or " or ' , and see result, you can also try to add more characters to fill space, this will change cutting point of encoded character, for example:
with current filling:
' will be &#3
if we add one more 1
' will be &#
Funny eh? :D
_______
Explaining:
Message which will be inserted in to database is longer then 255 characters, because after stripinput some characters turn from one up to 6. This means what message can be up to 255*6 in length. To fix that: you must limit amount of characters in message who needs to be escaped or allow length of message in sql up to 1530.
Best solution: change shout_message field type to TEXT, this will not only fix problem, but will bring option to change shout_message length whiteout modifying sql!
Thread Information
Author
bite
Replies
1 post
Views
2,319 times
Last Post
Last updated on 10 years ago
You can view all discussion threads in this forum.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You cannot download attachments in this forum.