Re: [mod-security-users] PHP mail() header injection issues
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] PHP mail() header injection issues
|
From: Kelson <ke...@sp...> - 2005-12-16 19:13:56
|
Ivan Ristic wrote: > That's because you are trying to work it out through the browser. > But if you access the form programmatically you can construct > any content you like, replacing %0A (encoded \n with three characters) > with only one character \n. One way I tested some of my scripts was to replace a bunch of <input type="text"> fields with <textarea></textarea>. Even just tossing stuff in there proved very educational! -- Kelson Vibber SpeedGate Communications <www.speed.net> |
