You are here: Re: Email Injection w/ Out Header? « PHP « IT news, forums, messages
Re: Email Injection w/ Out Header?

Posted by Gordon Burditt on 10/01/94 11:34

>A spammer is apparently using email injection on my form, however my I
>thought email injection requires mainpulation of the headers parameter
>in mail() and I'm not using that parameter. My mail call looks like:
>
>mail($to,$subj,$body)
>
>So how is the spammer getting me?

Are the contents of $to and $subj in any way whatever dependent
on form input? Is there any way either of those variables could
be made to contain a newline or carriage return? If so, that's
how they are doing it. Remember, the spammer NEED NOT use your
form so any Javascript checking is useless.

Look at the headers of any mail message, and consider what
happens if $subj = "Make Money fast\r\nCc: spamee@aol.com".

Gordon L. Burditt

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация