|
Posted by xmp333 on 10/25/56 11:34
Gordon Burditt wrote:
> Are the contents of $to and $subj in any way whatever dependent
> on form input? Is there any way either of those variables could
> be made to contain a newline or carriage return? If so, that's
> how they are doing it. Remember, the spammer NEED NOT use your
> form so any Javascript checking is useless.
>
> Look at the headers of any mail message, and consider what
> happens if $subj = "Make Money fast\r\nCc: spamee@aol.com".
>
> Gordon L. Burditt
$to is not dependent on form input, but $subj is. This explains it --
I wanted to make sure because all the information I found on email
injection stated the header was used to mainpulate the form. However,
knowing what I know of mail() and Unix in general, it seemed possible
to inject arbitrary headers elsewhere if the parameters were simply
appended and the call translated to a raw text stream anyway, which
looks like the case.
Thanks.
[Back to original message]
|