abused mailscript => How did they do it???

Q
Hi..

This script has been abused to send to AOL. My question "How the ... did
they do that???"

Regards,
Marco

<?php

if($_POST['name'] && $_POST['subject'] && $_POST['text']) {
    $headers = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\n";
    $headers .= "X-Priority: 3\n";
    $headers .= "X-MSMail-Priority: Normal\n";
    $headers .= "X-Mailer: php\n";
    // name and email are copied straight into the From header, unchecked
    $headers .= "From: \"".$_POST['name']."\" <".$_POST['email'].">\n";

    mail('s***@recipient.somewhere', "Website: ".$_POST['subject'],
        nl2br($_POST['text']), $headers);

    echo "<META HTTP-EQUIV=Refresh CONTENT=\"2; URL=index.php?page=contact\">Mail sent....";
}

?>
Mar 14 '06 #1
Q wrote:
Hi..

This script has been abused to send to AOL. My question "How the ... did
they do that???"

$headers .= "From: \"".$_POST[name]."\" <".$_POST[email].">\n";

mail('s***@recipient.somewhere', "Website: ".$_POST[subject],
nl2br($_POST[text]), $headers);


$_POST['email'] = 'f**@bar.com>\nBcc: <so*******@over.the.rainbow';

or something similar.
Mar 14 '06 #2
Q, you are not checking POST name and POST email for new line
characters. That enables the user to inject any headers they want. In
theory this could allow CC: to be used to send mail to other users.
Validate/filter the POST data for invalid characters. Alternatively
don't allow the user to submit header-related information.

-Robert

Mar 14 '06 #3
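A hardened version of the form that applies Robert's advice (reject line breaks in every field, and keep visitor data out of the headers altogether), added here as an example; it is not code from the thread. It assumes the same four POST fields and uses placeholder sender and recipient addresses.

```php
<?php
// Added example (not the thread's code): a hardened version of the contact
// form that applies Robert's advice. Assumes the same POST fields
// (name, email, subject, text); sender and recipient are placeholders.

// CR and LF are the characters that let "Bcc:" (or any other header) be
// appended to the From line; reject any field that carries them.
function has_crlf(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the trimmed field, or null when it is missing, empty, too long
// or contains a line break.
function clean_field(array $post, string $key, int $max_len): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    $value = trim($post[$key]);
    if ($value === '' || strlen($value) > $max_len || has_crlf($value)) {
        return null;
    }
    return $value;
}

$name    = clean_field($_POST, 'name', 100);
$email   = clean_field($_POST, 'email', 254);
$subject = clean_field($_POST, 'subject', 200);
$text    = isset($_POST['text']) && is_string($_POST['text']) ? $_POST['text'] : '';

// FILTER_VALIDATE_EMAIL also rejects addresses containing '<', '>' or spaces.
if ($name === null || $email === null || $subject === null || $text === ''
    || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    echo 'Invalid input.';
    exit;
}

// No visitor data becomes a header: From is a fixed site address, the
// validated visitor address goes in Reply-To, and the name goes in the body.
$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=UTF-8\r\n";
$headers .= "From: Website Contact <noreply@example.invalid>\r\n"; // placeholder
$headers .= "Reply-To: " . $email . "\r\n";

$body = "Name: " . $name . "\n\n" . $text;

mail('recipient@example.invalid', 'Website: ' . $subject, $body, $headers); // placeholder
echo 'Mail sent.';
```

The same has_crlf() check is also a useful thing to log on: a submission that trips it is a header-injection attempt worth alerting on rather than silently dropping.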
Following on from Q's message. . .
Hi..

This script has been abused to send to AOL. My question "How the ... did
they do that???"
Good God! Where did you get such a naive script from?

--
PETER FOX Not the same since the cardboard box company folded
pe******@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
Mar 14 '06 #4
On Tue, 14 Mar 2006 09:30:12 +0000, Peter Fox wrote:
Following on from Q's message. . .
Hi..

This script has been abused to send to AOL. My question "How the ... did
they do that???"

Good God! Where did you get such a naive script from?

Heh ... sort of on-topic, is the original Matt [FormMail] Wright still
alive/around/rich? Sorry - not implying that *his* scripts are naive!

Adam.
Mar 14 '06 #5