PHP Classes

Headers Injection

Subject: Headers Injection
Summary: How to help detect headers injection.
Messages: 2
Author: Luis I. Larrateguy
Date: 2006-02-15 03:14:25
Update: 2006-02-22 12:08:20
 

  1. Headers Injection
Luis I. Larrateguy - 2006-02-15 03:14:25
Last Friday I had an attack using the headers injection technique.
I'm making use of MailMan, because I think it is a great class to separate logic from presentation (and from the model).

The attacker added headers in the "from" field in a web form. I had a few validations, but they weren't enough. So I added more robust validations, with regular expressions.

I suggest that this kind of validation be the responsibility of the MailMan class, returning false in the setFrom method if the data has a bad format (doesn't validate).

If you want I'll email you my code.

Regards

Luis L.
larrateguy.com.ar/luisignacio
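
The kind of check described in message 1, as an added example: this is not the poster's code and not part of the MailMan class. The function name `safe_from_address` and the sample form values are assumptions made for illustration; it returns false on bad input, the behaviour the post proposes for setFrom.

```php
<?php
// Added example: hypothetical helper, not taken from the MailMan class.

/**
 * Return the address if it is safe to place in a From: header,
 * or false if it must be rejected.
 */
function safe_from_address(string $input)
{
    // Any control character (CR, LF, NUL, tab, ...) could end the From:
    // line and start an extra header, so reject instead of stripping.
    if (preg_match('/[\x00-\x1F\x7F]/', $input)) {
        return false;
    }

    $address = trim($input);

    // Accept one bare address only: no display name, no comma-separated list.
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    return $address;
}

// Constructed sample values, as they might arrive from a web form.
$samples = [
    'plain address'  => 'visitor@example.com',
    'extra header'   => "visitor@example.com\r\nBcc: list@example.net",
    'bare line feed' => "visitor@example.com\nSubject: changed",
    'two addresses'  => 'a@example.com, b@example.com',
    'not an address' => 'visitor at example dot com',
];

foreach ($samples as $label => $value) {
    $result = safe_from_address($value);
    printf(
        "%-15s => %s\n",
        $label,
        $result === false ? 'rejected' : "accepted ($result)"
    );
}
```

Only the first sample is accepted. The same control-character check applies to any other form field that ends up in a mail header, such as the subject.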

  2. Re: Headers Injection
Nikita U. - 2006-02-22 12:08:20 - In reply to message 1 from Luis I. Larrateguy
Could you please send me the code you spoke about on [email protected]
Nikita U., Lithuania