NYCPHP Meetup

NYPHP.org

[nycphp-talk] worm/virus's hammering feedback scripts?

Billy Reisinger mail at billyreisinger.com
Mon Sep 12 22:22:38 EDT 2005


Dan -
Apologies if I am being vague.  Yes, the person has to get the hack  
into the Content-type: header, but if this _is_ accomplished, the  
attacker can append characters or data to the message body, from what  
I understand.  We're splitting hairs, here.
Cheers,
Billy

On Sep 12, 2005, at 6:07 PM, Daniel Convissor wrote:

> Hi Billy:
>
>
>> I know, it's weird; unfortunately, it's true.  There's a specific  
>> little
>> hack of the Content-type header that lets the hacker do a multi-part
>> message.  If you scroll down to about the bottom of the article I
>> mentioned, it goes over it in detail.
>>
>
> You seem to be misinterpreting the article.  The crack only works  
> if they
> can get the "Content-Type: multipart/mixed;" into the _header_, at the
> beginning of a new line.
>
> --Dan
>
> -- 
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>             data intensive web and database programming
>                 http://www.AnalysisAndSolutions.com/
>  4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
>
>
>




More information about the talk mailing list