Do you have a bulk mailer PHP script on your server which has got access to your database?
If the PHP mail function does not have \n on the header tags, they can add their own tags to your script and use your web forms to spam.
Have a look at this and fix it if you have a problem like this (source: php.net):
-------
Hi, from the example below:
$headers .= "From: \"".$fromname."\" <".$fromaddress.">\n";
return mail($toaddress, $subject, $message, $headers);
This will allow an SMTP injection attack on your feedback form.
Make sure you end your headers with \r\n\r\n or the missing \r\n will allow the attacker to inject additional headers.
The main use for this common flaw is to use your contact form for spam.
Remember: always triple-check user input that does anything meaningful.
-----
__________________
No signature.. I am bored of the signatures as well..
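The header problem described in the post above, shown as an added example that is not part of the original post or the php.net comment: the quoted From-header construction beside a version that rejects line breaks in user-supplied values. The function names and the sample form input are hypothetical and constructed for illustration; nothing is actually sent.

```php
<?php
// Added example: helper names are hypothetical, sample input is constructed.

// Pattern quoted in the post: form input is placed in the header verbatim.
function build_from_header_unsafe(string $fromname, string $fromaddress): string
{
    return "From: \"" . $fromname . "\" <" . $fromaddress . ">\n";
}

// Hardened form: refuse CR/LF in any header value and validate the address.
function build_from_header_safe(string $fromname, string $fromaddress): string
{
    foreach ([$fromname, $fromaddress] as $value) {
        if (preg_match('/[\r\n]/', $value)) {
            throw new InvalidArgumentException('line break in header value');
        }
    }
    if (filter_var($fromaddress, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    // Quotes and backslashes could break out of the quoted display name.
    $name = str_replace(['\\', '"'], '', $fromname);
    return 'From: "' . $name . '" <' . $fromaddress . ">\r\n";
}

// Constructed form input: the address field carries an extra header line.
$fromname    = 'Visitor';
$fromaddress = "visitor@example.com>\nX-Injected: yes\nX-Ignore: <x";

// Unsafe builder: more than one header line in the result means the
// form field was able to add headers of its own.
$unsafe = build_from_header_unsafe($fromname, $fromaddress);
$lines  = array_filter(explode("\n", $unsafe), 'strlen');
printf("unsafe builder emitted %d header line(s):\n%s\n", count($lines), $unsafe);

// Safe builder: the same input is rejected before it could reach mail().
try {
    build_from_header_safe($fromname, $fromaddress);
} catch (InvalidArgumentException $e) {
    echo "safe builder rejected input: ", $e->getMessage(), "\n";
}

// A well-formed value passes and yields exactly one header line.
echo build_from_header_safe('Visitor', 'visitor@example.com');
```

The same check belongs on every user-supplied value that ends up in a header argument, including the subject and recipient fields.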