php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17746 Injecting ASCII control characters into message header/body created with mail()
Submitted: 2002-06-13 12:40 UTC Modified: 2002-06-13 14:58 UTC
From: cliph at isec dot pl Assigned:
Status: Closed Package: Mail related
PHP Version: 4.2.1 OS: Any
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cliph at isec dot pl
New email:
PHP Version: OS:

 

 [2002-06-13 12:40 UTC] cliph at isec dot pl
Injecting ASCII control characters into mail() arguments

Arbitrary ASCII control characters may be injected into string arguments of mail() function. If mail() arguments are takeon from user's input it may give the user ability to alter message content including mail headers.

Example of such a vulnerability:

http://www.php.net/mailling-lists.php?maillist=rcpt@foo.bar%0aFrom:%20spammer@oh.ah%0a%0aMAIL%20BODY%0a.%0a&email=a

:-)

PHP should do content filtering before creating message body sent with "sendmail -t" command.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-13 14:58 UTC] sesser@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.



cvs commit message at:

http://lists.php.net/article.php?group=php.cvs&article=12348
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 22:01:28 2024 UTC