websec.fr level25

tl;dr parse_url breaks in PHP5 on malformed input and returns false.


Referring to https://stackoverflow.com/questions/47807529 we can see that passing a malformed get parameter to parse_url gets it to return false, which then completely bypasses the flag keyword check.

Show Comments

Get the latest posts delivered right to your inbox.