Loading ...
Sorry, an error occurred while loading the content.

Re: [PBML] Email header injection

Expand Messages
  • Jenda Krynicky
    To: perl-beginner@yahoogroups.com From: Gilles Beauregard Date sent: Mon, 28 Nov 2005 19:56:52 -0500 Subject:
    Message 1 of 4 , Nov 29, 2005
    • 0 Attachment
      To: perl-beginner@yahoogroups.com
      From: Gilles Beauregard <gilles@...>
      Date sent: Mon, 28 Nov 2005 19:56:52 -0500
      Subject: Re: [PBML] Email header injection
      Send reply to: perl-beginner@yahoogroups.com

      > Allo!
      >
      > >It's hard to help much without seeing your code so just a few
      > >recommendations.
      >
      > Just need a simple routine to remove the bad caracters.

      What did I say? DON'T REMOVE THE BAD CHARACTERS! MAKE SURE YOU ACCEPT
      ONLY THE GOOD ONES.

      > The problem is at the "body" level of the form submit. When a
      > TO: CC: or BCC: is included and some escape caracters,
      > the spammer can use the script.

      HOW DO YOU SEND THE EMAIL???

      > The problem is explain here:
      > http://securephp.damonkohler.com/index.php/Email_Injection

      Beg your pardon? This is a Perl list, not a PHP one.

      Show us your code!

      Jenda
      P.S.: The PHP's mail() function is apparently illdesigned.
      ===== Jenda@... === http://Jenda.Krynicky.cz =====
      When it comes to wine, women and song, wizards are allowed
      to get drunk and croon as much as they like.
      -- Terry Pratchett in Sourcery
    Your message has been successfully submitted and would be delivered to recipients shortly.