NULL Byte Poison Information Disclosure Vulnerability

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Post Reply
New php-forum User
New php-forum User
Posts: 1
Joined: Mon Jul 17, 2017 9:38 pm

Mon Jul 17, 2017 9:41 pm

Hi Guys I really need help.

I have no knowledge of PHP. I'm managing an IIS server that is going under PCI audit and this is one of the findings. Website is using PHP Manager 5.3 and WordPress.

I researched the issue and a page says add a code to fix

Code: Select all

$file = str_replace(chr(0), '', $string);
I copied and paste this to any .PHP file that I could think of but honestly not sure if I copied to right file or right place inside the file. Can someone please help?

Where to put this code?

Also I saw another web page that was saying to add the same code but instead of $file was $input. so which one is correct ?

Thank you all in advance.
User avatar
php-forum GURU
php-forum GURU
Posts: 1190
Joined: Mon Feb 22, 2016 5:52 pm

Tue Jul 18, 2017 10:55 am

You can't just paste a piece of code in any file like that and expect it to work, that doesn't make sense.

The only advice I can give is: get someone who knows what they are doing to do it. The information that you have given is not enough to give you any other advice.
Post Reply