How to test for email injection_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-22 09:05 出处：网络

I\'m using the php mail function and I have a form with the name field, phone field, email field and message field which is a text area. The ema开发者_StackOverflow社区il field (along with the name an

I'm using the php mail function and I have a form with the name field, phone field, email field and message field which is a text area. The ema开发者_StackOverflow社区il field (along with the name and phone field) displays in the message and isn't used to send an email to that address. The To: fields and subject: fields and From: header are static in the script and is designed to always be the same.

I was recently trying to try email injection to my own script so I can then know if my preventative measures are working or not.

I've tried putting in the fields %0ATo:mysecondemailaddress@provider.com and also %0ACc:mysecondemailaddress@provider.com, but the email doesn't even send to the proper email address at all. I was just wondering what is the correct method to do this, and also when I am using preventative methods such as identifying strings and either removing them or denying the email from being sent what characters such as % should I also be on the look out for?

It doesn't look like using the form to directly enter the injection works very well. I'm using the following to test out a mailer I'm putting together, it posts the data from the script. The $postData will have to be modified to suit your form. This just BCCs a 'victim':

<?php

    $postData = 
        'contactname=Lord+Sauron&'.
        'email=darklord@ciplit.com.au%0ABcc:frodo@ciplit.com.au'.
        '&message=Sorry+about+that+whole+ring+thing.+No+hard+feelings%3F';

    $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/onetrueformmailer.php';

    $result = do_post_request($url, $postData);

    echo($result);




    // http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
    function do_post_request($url, $data, $optional_headers = null) {
        $params = array('http' => array(
            'method' => 'POST',
            'content' => $data
        ));
        if ($optional_headers !== null) {
            $params['http']['header'] = $optional_headers;
        }
        $ctx = stream_context_create($params);
        $fp = @fopen($url, 'rb', false, $ctx);
        if (!$fp) {
            throw new Exception("Problem with $url, $php_errormsg");
        }
        $response = @stream_get_contents($fp);
        if ($response === false) {
            throw new Exception("Problem reading data from $url, $php_errormsg");
        }
        return $response;
    }

?>