Bytes IT Community

PHPMailer security

P: 30
I have been using PHPMailer to send a contact form.
But one of the users told me that he had received a response to his question from another person.

I sent a question using the form and, effectively, someone answered me.
So, how can they be capturing that information? Any help? :(
May 30 '07 #1
4 Replies


pbmods
Expert 5K+
P: 5,821
I have been using PHPMailer to send a contact form.
But one of the users told me that he had received a response to his question from another person.
  • Check to make sure that the address you're sending the email to is correct.
  • Is the email being sent to more than one address?
  • Is it being CC'd or BCC'd?
  • Are you setting your own headers or just using the defaults?
  • If you set headers, is it possible (even if not intended) for the User to modify these headers (are you getting hit by header injection attacks)?
  • Is the response coming from the same email address every time, or does it vary?
May 30 '07 #2
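
The recipient and header checks from the list above, as an added example that is not part of the original thread or of PHPMailer itself: it flags user-supplied fields that contain line breaks and reports any To/Cc/Bcc address that is not on an approved list. The function names, the allow-list and the sample addresses are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. All names and addresses are hypothetical.

// Recipients the site owner has approved for the contact form (constructed value).
const ALLOWED_RECIPIENTS = ['contact@example.com'];

// True if a user-supplied value contains CR, LF or NUL, which would let it
// start a new header line (To:, Cc:, Bcc:) when copied into a mail header.
function hasHeaderBreak(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns every To/Cc/Bcc address that is not on the allow-list.
function unexpectedRecipients(array $to, array $cc, array $bcc, array $allowed): array
{
    $allowed = array_map('strtolower', $allowed);
    $found = [];
    foreach (['to' => $to, 'cc' => $cc, 'bcc' => $bcc] as $kind => $list) {
        foreach ($list as $addr) {
            if (!in_array(strtolower(trim($addr)), $allowed, true)) {
                $found[] = "$kind: $addr";
            }
        }
    }
    return $found;
}

// Validates the submitted form fields before they reach the mailer.
function checkForm(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        if (hasHeaderBreak($post[$field] ?? '')) {
            $errors[] = "$field contains a line break";
        }
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// Constructed sample: a submission whose email field carries an extra header
// line, and a form configuration that lists a second, unapproved recipient.
$post = ['name' => 'Ann', 'email' => "ann@example.org\r\nBcc: other@example.net", 'subject' => 'Hi'];
print_r(checkForm($post));
print_r(unexpectedRecipients(['contact@example.com', 'old-dev@example.net'], [], [], ALLOWED_RECIPIENTS));
```

Running the recipient check against the addresses the form script actually passes to the mailer answers the "more than one address" and "CC'd or BCC'd" questions directly.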

P: 30
  • Check to make sure that the address you're sending the email to is correct.
  • Is the email being sent to more than one address?
  • Is it being CC'd or BCC'd?
  • Are you setting your own headers or just using the defaults?
  • If you set headers, is it possible (even if not intended) for the User to modify these headers (are you getting hit by header injection attacks)?
  • Is the response coming from the same email address every time, or does it vary?
Actually, the form wasn't developed by me, the only thing I did was switch from an old script (using mail) to phpMailer to avoid header injection. What I hadn't realized was that the form was being sent to two addresses, so that was probably the problem. Right now we're discussing this with the website owner to check if the second address was intentional or was put there by the former developer to catch all the emails sent through it.

Thanks for answering!
May 31 '07 #3

pbmods
Expert 5K+
P: 5,821
Thanks for answering!
No problem. Keep 'em comin'!
May 31 '07 #4

P: 2
Thanks man, good answer. I need this.
Jun 2 '07 #5
