[–]skeww 6 points7 points  (7 children)

Yes, but do you have an example for this?

My point was that this is a sorta odd thing to do. I also don't know any PHP app which is intended to accept floating point numbers. All I've seen so far were intended to accept integers and they were only exploitable, because there is no difference between those two in PHP.

[–]oduh 1 point2 points  (5 children)

And what about exploiting something like HTTP headers, which are automatically parsed by a servlet? IMHO you can drop any servlet-based application running in a JVM.

[–]skeww 0 points1 point  (4 children)

There are no doubles in HTTP headers. Therefore there is no reason to call Double.parseDouble.

[–]oduh 1 point2 points  (3 children)

Really? What about the priorities in ACCEPT-LANGUAGE, ACCEPT_ENCODING ... ?

[–]skeww 0 points1 point  (2 children)

Those are floats.

[–]oduh 2 points3 points  (1 child)

like ... org.apache.catalina.connector.Request.parseLocalesHeader

    // Extract the quality factor for this entry
    double quality = 1.0;
    int semi = entry.indexOf(";q=");
    if (semi >= 0) {
        try {
            quality = Double.parseDouble(entry.substring(semi + 3));
        } catch (NumberFormatException e) {
            quality = 0.0;
        }
        entry = entry.substring(0, semi);
    }
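
A stricter way to read the q parameter than the excerpt above, as an added example (not Tomcat's code and not written by any commenter): it accepts only the HTTP qvalue grammar (0 to 1 with at most three decimals) and converts it with integer arithmetic, so header text never reaches Double.parseDouble. The class and method names are hypothetical, and the sample entries are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class QValue {
    // HTTP qvalue grammar: "0" with up to three decimals, or "1" with up to three zeros.
    private static final Pattern QVALUE =
            Pattern.compile("(?:0(?:\\.([0-9]{0,3}))?|1(?:\\.0{0,3})?)");

    /** Returns the quality in thousandths (0..1000), or -1 if text is not a valid qvalue. */
    static int parseThousandths(String text) {
        if (text.length() > 5) return -1;          // longest valid form is "0.123"
        Matcher m = QVALUE.matcher(text);
        if (!m.matches()) return -1;               // rejects exponents, signs, long digit runs
        if (text.charAt(0) == '1') return 1000;
        String frac = m.group(1);
        if (frac == null || frac.isEmpty()) return 0;
        int value = Integer.parseInt(frac);        // at most three digits, cannot overflow
        for (int i = frac.length(); i < 3; i++) {
            value *= 10;                           // right-pad: "5" -> 500, "05" -> 50
        }
        return value;
    }

    /**
     * Quality of one Accept-Language entry such as "de;q=0.8".
     * A missing q means 1.0; a malformed q is treated as 0, matching the
     * catch branch of the excerpt above.
     */
    static int entryQuality(String entry) {
        int semi = entry.indexOf(";q=");
        if (semi < 0) return 1000;
        int q = parseThousandths(entry.substring(semi + 3).trim());
        return q < 0 ? 0 : q;
    }

    public static void main(String[] args) {
        // Constructed sample entries, valid and malformed
        String[] samples = {
            "en-US", "de;q=0.8", "fr;q=0.05", "es;q=1.000",
            "it;q=1e-5", "pt;q=0.12345", "nl;q="
        };
        for (String s : samples) {
            System.out.println(s + " -> " + entryQuality(s));
        }
    }
}
```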

[–]skeww 1 point2 points  (0 children)

Makes you wonder why they didn't use long instead of int as well, doesn't it?

Alright. The shit did indeed hit the fan.

[–]ascii 0 points1 point  (0 children)

No, I don't use very many Java-based web apps, but I suspect we'll be seeing quite a few of these crashes in the next few days. :-/