|
|
Posted by juglesh on 11/02/05 19:52
feed_sheep wrote:
> >> $email=$_POST['email'];
> > ...
> >> if(mail($to,"E-mail from MySite",$message,"From:$email\n")){
> >
> > Take it down, it is being abused - or is about to be abused - by
> > spammers.
> >
> > The last argument to mail() is a list of extra headers and because of
> > the way your script is structured a custom form or script can submit
> > extra Bcc: email addresses tagged on to the 'email' form field.
> >
>
> Can you expand on how this works and how to prevent spammers from using
> this? I'm not sure I understand. Thanks!
do this first on the page:
$find =
array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i","/MIME\-Version\:/i");
$_POST = preg_replace($find,'BAD INPUT, NAUGHTY HACKER',$_POST);
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay
http://securephp.damonkohler.com/index.php/Email_Injection
--
juglesh
Navigation:
[Reply to this message]
|