[nycphp-talk] Phundamentals Title Change: Email Header Injection
Billy Reisinger
mail at billyreisinger.com
Sun Sep 18 19:56:41 EDT 2005
My 2 cents about the content of the post are:

"Grep through your mail server logs for the list of emails, using a
command something like this:

    grep -f exploitaddresses.lst /var/log/maillog

(or wherever your mail log is located)

If any are found, cross reference the time of the mailing to times in
your web server logs to help determine the exploitable script. Modify
any such scripts to properly filter input fields, with a function
something like this:"

I think you should encourage everyone to fix their script, not just
those who find the email addresses you listed in their logs. As
someone succinctly pointed out in the thread about this injection
attack, the email addresses being used for this attack are most
likely subject to change. People should be safeguarding their
scripts as a precautionary measure, not as a band-aid after the fact.

Cheers!
Billy Reisinger

On Sep 18, 2005, at 2:02 PM, Jeff Siegel wrote:
> The title of the most recent PHundamentals article has been changed
> to "Email Header Injection."
>
> See: http://www.nyphp.org/phundamentals/email_header_injection.php
>
> Jeff
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
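
An added example, not part of this thread or the PHundamentals article: a precautionary check of the kind the reply argues every form-to-mail script should have, rejecting CR/LF in any value that ends up in a mail header instead of waiting for known addresses to show up in the logs. The function names, recipient address and sample form values are hypothetical.

```php
<?php
// Added example; names and sample values are hypothetical.

/** True if $value contains a byte that ends a header line (CR or LF). */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/**
 * Validate contact-form fields and build the arguments for mail().
 * Hostile input is refused outright, not "cleaned" and sent anyway.
 */
function build_contact_mail(string $fromEmail, string $subject, string $body): array
{
    foreach (['from' => $fromEmail, 'subject' => $subject] as $field => $value) {
        if (has_header_break($value)) {
            throw new InvalidArgumentException("line break in $field field");
        }
    }
    // Also refuses address lists and other malformed values.
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid from address');
    }
    return [
        'to'      => 'webmaster@example.com', // fixed recipient, never user-supplied
        'subject' => $subject,
        'body'    => $body,                   // line breaks are legitimate here
        'headers' => "From: $fromEmail\r\nReply-To: $fromEmail",
    ];
}

// Constructed inputs: a normal submission and one carrying an extra header line.
$samples = [
    ['visitor@example.org', 'Question about your site', "Hello,\nnice page."],
    ["visitor@example.org\r\nX-Extra: 1", 'Hi', 'text'],
];
foreach ($samples as [$from, $subject, $body]) {
    try {
        $m = build_contact_mail($from, $subject, $body);
        echo 'accepted, From/Reply-To: ' . $from . "\n";
        // mail($m['to'], $m['subject'], $m['body'], $m['headers']);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

The check applies to every field that reaches the subject or additional-headers argument, whether or not the logs show any of the listed addresses.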