Re: Email Injection w/ Out Header?

Posted by Java Boy on 06/14/08 11:34

REMOTE_ADDR will only show the proxy IP; use X-Forwarder for that matter.

--
Geeks Home
www.fahimzahid.com





"Kim André Akerø" <kimandre@NOSPAMbetadome.com> wrote in message
news:405pv9F1851ccU1@individual.net...
> Erwin Moller wrote:
>
> > xmp333@yahoo.com wrote:
> >
> > > Hello,
> > >
> > >
> > > A spammer is apparently using email injection on my form, however
> > > I thought email injection requires manipulation of the headers
> > > parameter in mail() and I'm not using that parameter. My mail call
> > > looks like:
> > >
> > > mail($to,$subj,$body)
> > >
> > > So how is the spammer getting me? Is mail() translating to a raw
> > > stream so that headers can be inserted in the body, or is there some
> > > kind of buffer overflow that can be exploited? Since I'm using
> > > dynamic variables, I can't see how this would occur, but then I'm
> > > no PHP expert.
> > >
> > > Any help would be greatly appreciated. I know beefing up input
> > > validation should take care of this, but I want to understand what
> > > the spammer is doing so I can reproduce and validate this fix.
> > >
> >
> > Hi,
> >
> > Log $to, $subj, $body somewhere (flatfile or database).
> > Check after spamming what the spammer did.
>
> And while you're at it, don't forget to include the IP address of the
> offender as well (environmental variable REMOTE_ADDR).
>
> --
> Kim André Akerø
> - kimandre@NOSPAMbetadome.com
> (remove NOSPAM to contact me directly)
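
The logging suggested in the thread, combined with the input validation the original poster mentions, as an added example that is not code from any of the posters. Even without the headers parameter, `mail()` writes `$to` and `$subj` into the message's header block, so a CR or LF in either one starts a new header line; the sketch logs every submission with `REMOTE_ADDR` and refuses those values. `LOG_FILE`, `has_header_break()`, `log_submission()` and `safe_mail()` are hypothetical names, and the log location is an assumption.

```php
<?php
// Added example (not from the thread). All names below are hypothetical.
// Assumed log location; in production point this at a file outside the web root.
define('LOG_FILE', sys_get_temp_dir() . '/contact_form.log');

// True if the value contains a raw CR/LF or a still-encoded %0a / %0d.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

// Record what was submitted and by whom, one JSON object per line.
function log_submission(string $to, string $subj, string $body, string $verdict): void
{
    $entry = [
        'time'    => gmdate('c'),
        'ip'      => $_SERVER['REMOTE_ADDR'] ?? 'cli',
        'verdict' => $verdict,
        'to'      => $to,
        'subj'    => $subj,
        'body'    => $body,
    ];
    // json_encode escapes CR/LF, so a hostile value cannot forge extra log lines.
    $line = json_encode($entry, JSON_INVALID_UTF8_SUBSTITUTE);
    error_log($line . "\n", 3, LOG_FILE);
}

// Drop-in replacement for mail($to, $subj, $body) on the form handler.
function safe_mail(string $to, string $subj, string $body): bool
{
    // $to and $subj end up in the header block; $body does not, so line
    // breaks in the body are legitimate and are not checked here.
    if (has_header_break($to) || has_header_break($subj)) {
        log_submission($to, $subj, $body, 'rejected');
        return false;
    }
    log_submission($to, $subj, $body, 'sent');
    return mail($to, $subj, $body);
}

// Constructed sample input: a subject field carrying a second header line.
if (PHP_SAPI === 'cli') {
    var_dump(has_header_break("Hello\r\nBcc: someone@example.invalid"));
    var_dump(has_header_break("Question about my order"));
}
```

Reviewing the `rejected` entries in the log shows which form field the extra header lines arrived in.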

 
