Date: 07/29/05 (PHP Community)    Keywords: php, database, web

Hi Everyone.
I’m hoping someone can help me out with some code. I have a script on my website to automatically email me visitor comments. Last night my web host disabled it, saying there was a vulnerability that hackers were exploiting. I’ve looked over the script, but I can’t seem to find the vulnerability.


$mail_path = "/usr/sbin/sendmail -i -t" ;
$mail_to = -- my personal email address --;
$mail_subject = "[Webpage Email] ";

$email = $_RESQUEST['useremail'];
$message = $_REQUEST['message'];
$mail_subject .= $_REQUEST['subject'];

if (!isset($referer)){$referer = $HTTP_REFERER;}

if (trim($message) != ''){
mail($mail_to,$mail_subject,$message,
"From: $useremail\r\n" .
"Reply-To: $useremail\r\n" .
"X-Mailer: PHP/" . phpversion());
$display = "Thank you for submitting an email.
Your message has been successfully sent.
Redirecting you to $referer in 5 seconds.";
$meta = "";
}
?>



They also site these logs as evidence of the hack
200.175.152.226 - - [27/Jul/2005:20:55:45 -0400] "POST /email.php?referer= HTTP/1.0" 200 2155 "http://www.aellalei.com/" "-"
202.106.124.32 - - [27/Jul/2005:20:57:02 -0400] "POST /email.php?referer= HTTP/1.1" 200 2167 "http://www.aellalei.com/" "-"
195.245.185.18 - - [27/Jul/2005:20:58:21 -0400] "POST /email.php?referer= HTTP/1.1" 200 2167 "http://www.aellalei.com/" "-"
69.118.168.253 - - [27/Jul/2005:21:02:43 -0400] "POST /email.php?referer= HTTP/1.0" 200 2501 "http://www.aellalei.com/" "-"



Also, I’m using a similar script to email users about updates. That script queries a database to get the user emails. Is it likely to have the same vulnerabilities?

Source: http://www.livejournal.com/community/php/325993.html