[nycphp-talk] worm/virus's hammering feedback scripts?
David Mintz
dmintz at davidmintz.org
Mon Sep 12 15:10:19 EDT 2005
On Mon, 12 Sep 2005, Billy Reisinger wrote:
> The attacker only needs to slip a mail header in _any_ of the variables
> passed to mail(); not just a Reply-to: header. In brief, this attack
> works due to a "feature" of MIME headers which allow you to have
> duplicate header entries (i.e. To:, Reply-to:, etc) in _any_order_ in
> the mail header. In fact, the attacker can stop a mail message in the
> middle of the message body and begin an entirely new message! For a
> more thorough (and cogent) explanation of this vulnerability, head on
> over to http://securephp.damonkohler.com/index.php/Email_Injection .
> It's kind of a funky problem to get your brain around. I agree that the
> community needs some sort of standardized solution to squash this
> problem once and for all!
OK, thank you. The picture is getting clearer. I did look at that article
but did not read the whole thing thoroughly enough to pick up this
important point (my bad).
The takeaway seems to be: always validate the hell out of everything no
matter what, period. Gee, sounds kind of familiar doesn't it.
---
David Mintz
http://davidmintz.org/
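
The check discussed in this thread, as an added example that is not code from either poster: every value that ends up in a mail() header argument is rejected if it contains a line break, and the recipient is never taken from the form. The form field names, the addresses and the helper names are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. All names and addresses are constructed.

const FEEDBACK_TO   = 'webmaster@example.org';   // fixed recipient, never user-supplied
const FEEDBACK_FROM = 'feedback@example.org';    // fixed sender

/** True if $value contains a character that can end a header line. */
function has_header_break(string $value): bool
{
    // CR, LF and NUL have no place in a single-line header value.
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Validate a feedback submission. Returns the arguments for mail(),
 * or null if any header-bound field is unsafe.
 */
function build_feedback_mail(array $form): ?array
{
    $email   = (string)($form['email'] ?? '');
    $subject = (string)($form['subject'] ?? '');
    $body    = (string)($form['message'] ?? '');

    // Check every field that reaches a header, not only Reply-To.
    foreach ([$email, $subject] as $field) {
        if (has_header_break($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $headers = 'From: ' . FEEDBACK_FROM . "\r\n" . 'Reply-To: ' . $email;
    return ['to' => FEEDBACK_TO, 'subject' => $subject, 'body' => $body, 'headers' => $headers];
}

// Constructed sample submissions: one ordinary, one carrying an extra header line.
$samples = [
    'clean'    => ['email' => 'visitor@example.com', 'subject' => 'Hello', 'message' => 'Nice site.'],
    'injected' => ['email' => 'visitor@example.com', 'subject' => "Hello\r\nBcc: third-party@example.net", 'message' => 'x'],
];
foreach ($samples as $label => $form) {
    $args = build_feedback_mail($form);
    echo $label, ': ', $args === null ? 'rejected' : 'accepted', "\n";
    // A real handler would call mail($args['to'], $args['subject'], $args['body'], $args['headers']) here.
}
```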