[nycphp-talk] Phundamentals Title Change: Email Header Injection
Chris Shiflett
shiflett at php.net
Sun Sep 18 15:34:50 EDT 2005
Jeff Siegel wrote:
> See: http://www.nyphp.org/phundamentals/email_header_injection.php
I recommend that we change:
"All PHP scripts which send email based on input data are vulnerable."
to:
"All PHP scripts which send email based on tainted data are vulnerable."
or:
"All PHP scripts which send email based on input data might be vulnerable."
It might be better to reword it some other way, but it's false as written.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
More information about the talk
mailing list