RE: [users@httpd] Web form spam attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hans Zaunere said:
>
>

>
> New York PHP has developed a PHundamental to address this:
>
> http://www.nyphp.org/phundamentals/email_header_injection.php
>

Thanks but where do I apply it. Here is the code(don't laugh):

************************************************************************
$title = "Contact Form";
include ("inc/top.php");

if ($mailto != "") {
echo "<h1>You have selected to E-mail $mailto.  Please fill out the form below.</h1>";
}else {
echo "<h1>
Please fill out the form below.
</h1>";
$mailto = $E1;
$message = "Please contact us either by this form, by mail, or phone.  We are
anxious to here from you!";
}
if ($mailto == ""){
        } else if ($mailto == $E2){
$message = "Contact the editor with any questions or comments that you may have..";
} else if ($mailto == $E3){
$message = "Contact our advertising department with any questions or comments
concerning placing an ad or for more advertisem
ent information..";
} else if ($mailto == $E4){
$message = "We are always looking for smiling faces!  Please contact us using the
form below or E-mail us directly at $E4.  F
or a faster response please include your resume.";
} else if ($mailto == $E5){
$message = "You may contact our business department with any questions that
concerning your subscripion.";
}
echo "
<h2>
$message
</h2>
<form action=\"thanks.php\" method=\"post\">
<input type=\"hidden\" name=\"mailto\" value=\"$mailto\" />
<table summary=\"Contact info\">
<tr><td>Name:</td>
<td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"30\"></td></tr>
<tr><td>Email:</td>
<td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"30\"></td></tr>
<tr><td>Question:</td>
<td></td></tr>
<tr><td colspan=\"2\"><textarea cols=\"40\" rows=\"10\"
name=\"question\"></textarea></td></tr>
<tr><td></td><td align=\"right\"><input type=\"submit\" name=\"Submit\"></td></tr>
</table></form>
";
include ("$WebRoot/inc/footer.php");


Thanks, Jason



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux