Well, here’s the article you want.
Basically, the way the attack works is by getting addslashes()
to put a backslash in the middle of a multibyte character such that the backslash loses its meaning by being part of a valid multibyte sequence.
The general caveat from the article:
This type of attack is possible with any character encoding where
there is a valid multi-byte character that ends in0x5c
, because
addslashes()
can be tricked into creating a valid multi-byte character
instead of escaping the single quote that follows. UTF-8 does not fit
this description.