why convertFromNestedBase64() check only strings longer than 50 characters? #62
Description
If you use an exploit vector that it's base64_encode version is less than 50 characters, you can bypass this function.Try with these two string: first of them is detected and the second one not.
dGhpcyBpcyBhIGRhbmdlcm91cyBzdHJpbmcsIGJlIGNhcmVmdWxs
c3RyaW5nIG5vdCBkZXRlY3RlZCBieSBleHBvc2V=
Is there any reason that I can't see for limit at 50 characters?