Monday, December 12, 2005

PHP Email Injection

SecurePHP is carrying an article on email injection in the PHP mail() function. Just another great example of why it's bad to take input from a user and pass it directly into a function.

There are a lot of ways to send anonymous emails; some use it to mass mail, some use it to spoof identity, and some (a few) use it to send email anonymously. Usually a web mailform using the mail() function generates emails containing headers with the originating IP of the server it's running on. Therefore the mailform acts as an SMTP proxy. The input fields of the form may vary, but it is common to specify a mailform that gives you control over the subject, the message, and the sender's email address.

1 Comment:

At 2/27/2006 06:32:00 PM , Anonymous PeterSwiss said...

In my opinion, a more formal design than given in the article on email injection would be to formally sanitize all variable data, whether it goes to HTML, to SQL, to mail or to anything else, such that it does not interfere with control structures. It needs to be sanitized before output, not on input, and not in-between. And it needs sanitizing with regard to where it goes. Therefore:
mail(sanRCPT($to), sanSUBJ($subj), sanBody($body), sanFROM($from));

echo sanHT($to) . sanHT ($subj) . sanHT ($body) . sanHT ($from);
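
The per-destination sanitizers named in the comment above, written out as an added example (not part of the comment or the SecurePHP article). The function names follow the comment; their bodies, the sanHeaderValue() helper, and the sample addresses are assumptions, and sanFROM() is assumed to return a complete From: line for the additional-headers argument of mail().

```php
<?php
// Header context: a CR or LF ends the current header line and starts a new
// one, so a value containing either is rejected rather than repaired.
function sanHeaderValue(string $v): string {
    if (preg_match('/[\r\n\0]/', $v)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($v);
}

// Recipient: must be one syntactically valid address.
function sanRCPT(string $to): string {
    $to = sanHeaderValue($to);
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid address');
    }
    return $to;
}

function sanSUBJ(string $subj): string {
    return sanHeaderValue($subj);
}

// Sender: validated like a recipient, then wrapped as a header line.
function sanFROM(string $from): string {
    return 'From: ' . sanRCPT($from);
}

// Body context: line breaks are legitimate here; normalise them to CRLF.
function sanBody(string $body): string {
    return str_replace(["\r\n", "\r", "\n"], ["\n", "\n", "\r\n"], $body);
}

// HTML context: encode markup characters at the point of output.
function sanHT(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a sender field carrying an extra header line.
$from = "visitor@example.com\r\nX-Injected: 1";
try {
    // Arguments are evaluated left to right; sanFROM() throws before mail() runs.
    mail(sanRCPT('owner@example.com'), sanSUBJ('Feedback'),
         sanBody("Hi\nthere"), sanFROM($from));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . sanHT($e->getMessage()) . "\n";
}
```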

 
