Re: abused mailscript => How did they do it??? — PHP Programming Language

You are here: Re: abused mailscript => How did they do it??? « PHP Programming Language « IT news, forums, messages

Posted by rlee0001 on 03/14/06 11:08

Q, you are not checking POST name and POST email for new line
characters. That enables the user to inject any headers they want. In
theory this could allow CC: to be used to send mail to other users.
Validate/filter the POST data for invalid characters. Alternatively
don't allow the user to submit header-related information.

-Robert

Navigation:

Next in forum: Re: abused mailscript => How did they do it???
Prev in forum: Re: abused mailscript => How did they do it???
Thread view: Re: abused mailscript => How did they do it???

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация