PHP Mail Injection Testing Script
Here is a sample Perl script to test for PHP mail injection. The code has some documentation and might be usable if you already know how to hack foreign Perl scripts. :)
Most people try to test using GET requests, which will fail every time since the browser and web server don't process the needed CR and LF characters correctly. The script makes a POST request to the server using 3 command-line arguments. It won't work as is, since you will need to modify it for the target script's form parameters.
I think I wrote this in February 2006 while helping a friend secure his contact form against PHP mail injection bugs.
Enjoy! http://www.opensecnet.com/php_inject_sample.pl.txt
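On the form-handler side, the check that makes such a test come back clean is to refuse any CR or LF in fields that end up in mail headers. The sketch below is an added example, not code from this post or the linked script; the field names (`email`, `subject`, `message`) and the addresses are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example: validate contact-form fields before they reach mail().
// Field names and addresses are assumptions, not taken from the post.

function has_line_break(string $value): bool
{
    // A CR or LF inside a header field would start a new header line.
    return preg_match('/[\r\n]/', $value) === 1;
}

function clean_contact_fields(array $post): ?array
{
    foreach (['email', 'subject', 'message'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null; // missing field, or an array sent in its place
        }
    }
    $email   = trim($post['email']);
    $subject = trim($post['subject']);
    $message = $post['message']; // body text may contain line breaks

    if (has_line_break($email) || has_line_break($subject)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return compact('email', 'subject', 'message');
}

function send_contact(array $post): bool
{
    $fields = clean_contact_fields($post);
    if ($fields === null) {
        return false;
    }
    // Fixed From address; the visitor's address is used only as Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: " . $fields['email'];
    return mail('owner@example.com', $fields['subject'], $fields['message'], $headers);
}

// Constructed inputs: one normal submission, two carrying an extra header line.
$samples = [
    ['email' => 'visitor@example.com', 'subject' => 'Hello', 'message' => "Hi\nthere"],
    ['email' => "visitor@example.com\r\nX-Injected: 1", 'subject' => 'Hello', 'message' => 'Hi'],
    ['email' => 'visitor@example.com', 'subject' => "Hello\nX-Injected: 1", 'message' => 'Hi'],
];
foreach ($samples as $i => $sample) {
    echo $i, ': ', clean_contact_fields($sample) === null ? 'rejected' : 'accepted', "\n";
}
```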
