Whoops didn't see your edit. Switching from $_REQUEST to $_POST won't fix the injection issue. It just makes it slightly harder to exploit (meaning you might need to use telnet to exploit it instead of a web browser.)
But he is using a post method not a get method for the form.
ok i see because he is using the $_REQUEST tag is the issue try using $_POST
PHP email script
Started by amunra, Jan 01 2006 12:11 AM
#16
Posted 16 January 2006 - 05:13 PM
#17
Posted 16 January 2006 - 08:48 PM
Ok, so you've got this script at http://mysite.com/sendmail.php
Enter this in your browser's address bar, and there you go
http://www.mysite.com/[email protected]%0aTo:%[email protected]&message=Exploited
That inserts a To: header, adding another recipient to the email.
I tried it and this is the response I got from the browser:
Warning: mail(): SMTP server response: 550 <[email protected]>, Recipient unknown in C:\Documents and Settings\TCassels\Desktop\web\sendmail1.php on line 6
Warning: Cannot modify header information - headers already sent by (output started at C:\Documents and Settings\TCassels\Desktop\web\sendmail1.php:6) in C:\Documents and Settings\TCassels\Desktop\web\sendmail1.php on line 7
I had to change the name of sendmail.php to sendmail1.php because I already have that filename used. Any other ideas on how I can secure this script?
#18
Posted 16 January 2006 - 09:16 PM
Sounds like your host requires some kind of SMTP authentication. IMO the easiest way to secure it is to not put "From $email" into the headers. Or you could get fancy and use a regular expression to remove newlines and colons from $email before sending.
Edited by brendandonhue, 16 January 2006 - 09:16 PM.
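Added example, not code from this thread or from the tutorial under discussion: one way to apply the suggestion in post #18, here rejecting an address that contains a line break instead of stripping characters from it. The function name `build_from_header`, the form field names `email` and `message`, and all addresses are assumptions.

```php
<?php
// Added example, not code from this thread. Names and addresses are assumed.

/**
 * Return a safe "From:" header line for $email, or null if the value
 * could smuggle extra headers (CR/LF) or is not a single valid address.
 */
function build_from_header(string $email): ?string
{
    // A CR or LF (PHP has already decoded %0d / %0a) would end the From:
    // line and start a new header such as To:, Cc: or Bcc:.
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    // Require exactly one syntactically valid address.
    $clean = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : 'From: ' . $clean;
}

// Constructed inputs: a normal value and one shaped like the URL in post #17.
$samples = [
    'visitor@example.com',
    "visitor@example.com\nTo: other@example.net",
];
foreach ($samples as $value) {
    $header = build_from_header($value);
    printf("%-50s => %s\n", json_encode($value), $header ?? 'REJECTED');
}

// Form handler. Changing $_REQUEST to $_POST alone does not help, as the
// thread notes; the check above is what keeps the header to one line.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $email   = $_POST['email'] ?? '';
    $message = $_POST['message'] ?? '';
    // Array-valued fields (email[]=...) are rejected along with bad addresses.
    $header = (is_string($email) && is_string($message))
        ? build_from_header($email)
        : null;
    if ($header === null) {
        http_response_code(400);
        exit('Invalid e-mail address.');
    }
    // Recipient and subject are fixed strings, never taken from the request.
    mail('owner@example.com', 'Contact form', $message, $header);
}
```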
#19
Posted 16 January 2006 - 09:29 PM
As far as I know my host does not require authentication. I host my website on my own computer using abyss webserver x1 with php support.
#20
Posted 16 January 2006 - 09:31 PM
I see..might be some difference in configuration with your mail server then. I tried it on my host (netbunch.com) and the emails went through.
#21
Posted 18 January 2006 - 12:38 AM
At this point I believe it is a simple matter of port management, but I may be wrong. I'm a developer, not a sysadmin (well, actually I'm tech support), but I do web development on the side.
#22
Posted 18 January 2006 - 07:07 AM
Agreed, I tried your exploit on my web servers and it didn't work. It must be a flawed setup with your ISP.
That said, I will look at fixing the parts where the exploit may work and fix it in the tutorial (if that is ok with amunra) so that people without properly secured servers don't get in trouble with this tutorial.
ScHwErV
#23
Posted 18 January 2006 - 09:11 AM
Sure, go ahead, just PM me the changes so I know what I need to change in my other scripts (sometimes I am stupid and can't see the differences in posts).
#24
Posted 18 January 2006 - 05:35 PM
There's more info on this kind of problem here: http://securephp.dam...Email_Injection
Seems like it's not limited to certain insecure servers, I bet it can be exploited on most hosts.
Edited by brendandonhue, 18 January 2006 - 07:01 PM.
#25
Posted 23 January 2011 - 01:03 AM