Fred
09-22-2005, 05:49 PM
Hi,
I stopped just in time a possible vulnerability in one of my user scripts... that could make my server a SPAM sender :eek:
Here's the script:
<?
$msg = "subject:\t$subject\n";
$msg .= "name:\t$name\n";
$msg .= "name2:\t$name2\n\n";
$msg .= "company:\t$company\n";
$msg .= "telephone:\t$telephone\n";
$msg .= "fax:\t$fax\n\n";
$msg .= "email:\t$email\n";
$msg .= "url:\t$url\n";
$msg .= "message:\t$message\n\n";
$recipient = "customer_email@hotmail.com";
$subject = "Form";
$mailheaders = "From: formulaire user<contact@domain.com> \n";
$mailheaders .= "Reply-To: $email\n\n";
mail($recipient, $subject, $msg, $mailheaders);
?>
A bot(or someone) attacked the script today...
I saw a lot of email sent from nobody@(my webserver user) and going to the my customer email and having the subject "Contact form domain.com".
BUT one of these emails was sent to another email using bcc: mhkoch321@aol.com
i looked at the script... but didn't understand how the bot was able to send an email to a bcc... i tried a lot of things... and finally i found it:
$mailheaders .= "Reply-To: $email\n\n";
$email is not checked before it was used... The customer told me the worst he's expected was to receive some junk in HIS mailbox ;)
So, the spammer was able to insert new mail headers ... Here's the $email value he used:
email: bfqngspb@domain.com
Content-Type: multipart/mixed; boundary=\"===============0452749181==\"
MIME-Version: 1.0
Subject: 1f0d01d8
To: bfqngspb@domain.com
bcc: mhkoch321@aol.com
From: bfqngspb@domain.com
This is a multi-part message in MIME format.
--===============0452749181==
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
qoevyurk
--===============0452749181==--
I just want to warn you... so you can check your customers script or at least be able to avoid the problem...
I stopped just in time a possible vulnerability in one of my user scripts... that could make my server a SPAM sender :eek:
Here's the script:
<?
$msg = "subject:\t$subject\n";
$msg .= "name:\t$name\n";
$msg .= "name2:\t$name2\n\n";
$msg .= "company:\t$company\n";
$msg .= "telephone:\t$telephone\n";
$msg .= "fax:\t$fax\n\n";
$msg .= "email:\t$email\n";
$msg .= "url:\t$url\n";
$msg .= "message:\t$message\n\n";
$recipient = "customer_email@hotmail.com";
$subject = "Form";
$mailheaders = "From: formulaire user<contact@domain.com> \n";
$mailheaders .= "Reply-To: $email\n\n";
mail($recipient, $subject, $msg, $mailheaders);
?>
A bot(or someone) attacked the script today...
I saw a lot of email sent from nobody@(my webserver user) and going to the my customer email and having the subject "Contact form domain.com".
BUT one of these emails was sent to another email using bcc: mhkoch321@aol.com
i looked at the script... but didn't understand how the bot was able to send an email to a bcc... i tried a lot of things... and finally i found it:
$mailheaders .= "Reply-To: $email\n\n";
$email is not checked before it was used... The customer told me the worst he's expected was to receive some junk in HIS mailbox ;)
So, the spammer was able to insert new mail headers ... Here's the $email value he used:
email: bfqngspb@domain.com
Content-Type: multipart/mixed; boundary=\"===============0452749181==\"
MIME-Version: 1.0
Subject: 1f0d01d8
To: bfqngspb@domain.com
bcc: mhkoch321@aol.com
From: bfqngspb@domain.com
This is a multi-part message in MIME format.
--===============0452749181==
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
qoevyurk
--===============0452749181==--
I just want to warn you... so you can check your customers script or at least be able to avoid the problem...