|
Posted by Neil McDermott on 09/08/05 16:10
Hello,
I hope someone can help.
I use a php form to process contact forms on my web sites. Recently I have
been receiving lots of strange data coming through the contact forms like
this :
NB. mysite = the actual site that the contact form is on.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
From: qsukgmtfqg@mysiteco.uk add to address book
Return-Path: mysite.co.uk@hosts.co.uk add to blacklist add to whitelist
Delivery-Date: Thursday, September 8, 2005 2:57 AM
To: mark@mysite.co.uk
Subject: Information request
show headers | download source | printable view | back to folder | next
message Spam score: 0
Name : qsukgmtfqg@mysite.co.uk
Phone : qsukgmtfqg@mysiteco.uk
Email : qsukgmtfqg@mysiteco.uk
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
It spoofs the address of the site that the contact form is on. This has
happened accross every site that the form is on so I am guessing their is a
vulnaribility in the script below . Can anyone help please?
php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>
<?
$name=$_POST['name'];
$phone=$_POST['phone'];
$email=$_POST['email'];
$query=$_POST['query'];
$to="enquiries@mysite.co.uk";
$from="$email";
$message="Customer Name : $name\n\n
Phone : $phone\n\n
Email Address : $email\n\n
Query : $query\n";
if (mail($to, "Customer Information", "$message\n", "From: $from"))
{$URL="http://www.mysite..co.uk/thankyou.php";header ("Location: $URL");
} else {
echo "There was a problem sending the mail. Please check that you filled in
the form correctly.";
}
?>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Any help would be greatly appreciated. I am no php expert , I simply
adjusted a form I found on a php tutorial site.
Thank you in advance,
Neil
begin 666 oops.gif
M1TE&.#EA$0`1`.9A`.;.Y^3)Y-:NU]R5MK20M+:5M_KZ^L[.SM:OUZBHJ,O+
MRY.3D_W]_?;V]K&QL?7U]9R<G&YL;NI@<,3$Q'UW?=>VV&]K;^_O[Y:6EHN"
MB^[N[LJFR]K:VH)[@M_&X.SL[,^GT)2+E*^?L(A[B'!N<.#@X,JUR^KJZK>8
MN*V>K7QW?*J/J\BLR*VMK8B B-G9V:2DI*:FIG]^?Z27I7YT?J:5IH5ZA>/C
MXW5U=7)P<I6!E<# P-75U86%A:N6K+^_OWAU>'AO>-G V=&KTHQZC)&%D7-P
M<WMQ>W]]?X>'A]>ZU[N[NWIP>IZ-GH!R@/'Q\8UZCG9U=O/S\[6CMJ^OKYJ'
MFM/3TW9N=W1O=.##X=Z_W]NXV]JVV].IU.E>;MJ1LP```/___P``````````
M````````````````````````````````````````````````````````````
M`````````````````````````````````````````````````"'Y! $``&$`
M+ `````1`!$```?,@&&"@P\E$R\:@XJ#%Q 1*B$=1DD<BX(*0%,`FYLF%"T&
MBDLV2EFFIZ9-& R"-U@56[&RLR,[@@LK" 5@8 6ZO+X;. 8/$2!=8 0$8,C*
MS%U,!SQ775_6UM777UU05 I'U5[BVU_B7MLZ,%9!X>/MYUU$#B<6[U]@Y>Y.
M$V$]* (#) P0``:@0 %#2#P)<X &EX</P4!\6"7!( @^M&C<N)$%D@:##"PH
F(B2 29,>:LCXL(C!CR@N9HA(D2%'`I"6PA@XX"!&`@52%@4"`#L`
`
end
[Back to original message]
|