Whoops didn't see your edit. Switching from $_REQUEST to $_POST won't fix the injection issue. It just makes it slightly harder to exploit (meaing you might need to use telnet to exploit it instead of a web browser.)
But he is using a post method not a get method for the form. ok i see because he is using the $_REQUEST tage is the issue try using $_POST
PHP email script
Posted 16 January 2006 - 05:13 PM
Posted 16 January 2006 - 08:48 PM
I tried it and this is the response I got from the browser:
Ok, so you've got this script at http://mysite.com/sendmail.php
Enter this in your browser's address bar, and there you gohttp:[email protected]%0aTo:[email protected]&message=Exploited
That inserts a To: header, adding another recipient to the email.
Warning: mail(): SMTP server response: 550 <[email protected]>, Recipient unknown in C:\Documents and Settings\TCassels\Desktop\web\sendmail1.php on line 6 Warning: Cannot modify header information - headers already sent by (output started at C:\Documents and Settings\TCassels\Desktop\web\sendmail1.php:6) in C:\Documents and Settings\TCassels\Desktop\web\sendmail1.php on line 7I had to change the name of sendmail.php to sendmail1.php because I already have that filename used. Any other ideas on how I can secure this script?
Posted 16 January 2006 - 09:16 PM
Edited by brendandonhue, 16 January 2006 - 09:16 PM.
Posted 16 January 2006 - 09:29 PM
Posted 16 January 2006 - 09:31 PM
Posted 18 January 2006 - 12:38 AM
Posted 18 January 2006 - 07:07 AM
That said, I will look at fixing the parts where the exploit may work and fix it in the tutorial (if that is ok with amunra) so that people without properly secured servers dont get in trouble with this tutorial.
Posted 18 January 2006 - 09:11 AM
Posted 18 January 2006 - 05:35 PM
Seems like its not limited to certain insecure servers, I bet it can be exploited on most hosts.
Edited by brendandonhue, 18 January 2006 - 07:01 PM.
Posted 23 January 2011 - 01:03 AM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users