Reply to Re: abused mailscript => How did they do it???

Your name:

Reply:


Posted by rlee0001 on 03/14/06 11:08

Q, you are not checking POST name and POST email for new line
characters. That enables the user to inject any headers they want. In
theory this could allow CC: to be used to send mail to other users.
Validate/filter the POST data for invalid characters. Alternatively
don't allow the user to submit header-related information.

-Robert

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация