  1. #1
    New Coder
    Join Date
    Dec 2004
    Posts
    30

    testing for email injection?

    Can anyone tell me how to test a tell-a-friend form for email injection (spamming)?

    Thanks

  • #2
    New Coder
    Join Date
    Sep 2005
    Posts
    36
    In the following thread a nice filter is shown:
    http://www.codingforums.com/showthread.php?t=68919
    If things aren't clear after reading that thread, you know where to ask further questions.

  • #3
    New Coder
    Join Date
    Dec 2004
    Posts
    30
    Thanks.

    I read that thread before. I have a tell-a-friend form and I want to know what values to put in the fields to see if it is vulnerable. I tried some values like "CC:email@domain.com" in some of the input fields to see if I would get a copy of the email to that address(^), but I didn't. So I just want to know if there are any other values I can use to see if my script is vulnerable (which I am sure it is).

    Thanks again.

  • #4
    New Coder
    Join Date
    Sep 2005
    Posts
    36
    Aha, now I understand.
    Well, you could hardcode some different variables in the script and see what happens:
    For example:
    PHP Code:
    $var = 'sender@anonymous.www%0ACc:recipient@someothersite.xxx%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx';
    or
    PHP Code:
    $var = 'email@anonymous.xxx%0ATo:email1@who.xxx';
    For a lot of examples see http://securephp.damonkohler.com/ind...mail_Injection

    There was someone who wrote a script with which to test your forms. I'll try to find that one. The script changed your current forms from singleline to multilines, so you could try to inject multiline text and see what happens.
    [edit:]
    It's here: http://www.twologs.com/en/services/test/formtest.asp
    Last edited by matthijs; 09-27-2005 at 05:26 PM.
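
A defensive check for the kind of values shown in post #4, as an added example that is not part of the original thread: it rejects any field destined for a mail header if it contains a raw or URL-encoded line break, then validates it as a single address. The function names are hypothetical, and the inputs are constructed from the values quoted above.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/**
 * True if $value contains a raw or URL-encoded CR/LF, which would let it
 * start a new header line when concatenated into a mail header.
 */
function has_header_injection(string $value): bool
{
    // Raw CR/LF is what PHP delivers in $_POST (already URL-decoded);
    // %0A / %0D covers values that a later urldecode() would expand.
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

/**
 * Validate a field that must hold exactly one e-mail address.
 * Returns the address, or null if the value must be rejected.
 */
function safe_header_address(string $value): ?string
{
    $value = trim($value);
    if (has_header_injection($value)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL also rejects comma-separated address lists.
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed inputs: the two values from the thread as written (encoded),
// the same values as a form POST would deliver them (decoded), and a clean one.
$first  = 'sender@anonymous.www%0ACc:recipient@someothersite.xxx'
        . '%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx';
$second = 'email@anonymous.xxx%0ATo:email1@who.xxx';
$cases  = [$first, $second, urldecode($first), urldecode($second), 'friend@example.com'];

foreach ($cases as $input) {
    $verdict = safe_header_address($input) === null ? 'REJECT' : 'ACCEPT';
    // json_encode() makes embedded line breaks visible as \n in the output.
    printf("%-7s %s\n", $verdict, json_encode($input));
}
```

Apply the same check to every form field that ends up in a header (From, Reply-To, Subject), not only the recipient address.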

