Re: [mod-security-users] PHP mail() header injection issues
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] PHP mail() header injection issues
|
From: Ivan R. <iv...@we...> - 2005-12-16 16:50:46
|
Mojo Jojo wrote: > > Thing that has me stuck is this, everytime I try to punch this string > into a sample "From:" field on a test form, when I print the string to > the screen it comes out exactly like that with the "%0A" and all. The > "%0A" is suppose to be converted into a "\n" which is needed of for the > exploit to work. Problem is that POST data does not get unencoded like > GET data on the other end and the PHP mail() just barfs. > > If I try to send the same string with plain old "\n" then it ends up > looking like this "\\n" on the other side because Magic Quotes is > escaping my backslash. > > I am confused as to how the SPAMMERS have been able to successfully pass > the "\n" which is needed in a POST when I can't do it myself. That's because you are trying to work it out through the browser. But if you access the form programmatically you can construct any content you like, replacing %0A (encoded \n with three characters) with only one character \n. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
