Posted by Miguel Cruz on 08/07/06 17:42

Steven Musumeche <stevenmusumeche@yahoo.com> wrote:
> stirrell@integrastrategic.com wrote:
>> You're right - I probably am checking more than I need to but I
>> figured it didn't hurt to check those inputs and I was trying to
>> make sure I wasn't missing anything. Here is a copy of the message
>> from the bounceback that I got from the server. To me, it looks like
>> a successful injection attempt.
>
> You should also check the message for BCC, CC, etc. I had a problem in
> which the injection attack was being successfully done in the message
> body part of my contact form.

Really? That shouldn't happen. If that works, then I could just send you
an email with a thousand extra bcc's and your defective mail server
would spam for me, no need for a PHP hole.

miguel
--
Photos from 40 countries on 5 continents: http://travel.u.nu
Latest photos: Malaysia; Thailand; Singapore; Spain; Morocco
Airports of the world: http://airport.u.nu

• Next in forum: Re: Form with 2 submit buttons...
• Prev in forum: Sending an HTTP request and reading the response
• Thread view: Re: Email injection on a contact form

[Reply to this message]