Vulnerabilities tagged 'interesting bug'

[Glovo] Integer overflow vulnerability

Funny bug in Glovo, a delivery platform for taking orders and dispatching deliveries. The bug is an integer overflow in the quantity parameter of the POST request for the order, which can affect the total price of the order…

 

Unsigned to Signed Conversion Leading to filter_var Bypass

Cool trick impacting PHP's filter_var, which is actually a bit of a binary-level issue: if you provide a long enough string as the argument to filter_var, eventually some code (for FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME) will mistakenly believe the size is much smaller than it actually is (negative).

 