forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path29784.php
More file actions
executable file
·14 lines (9 loc) · 559 Bytes
/
29784.php
File metadata and controls
executable file
·14 lines (9 loc) · 559 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
source: http://www.securityfocus.com/bid/23145/info
PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages.
Exploiting this issue allows a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.
The following versions are vulnerable:
PHP 4 up to and including 4.4.6
PHP 5 up to and including 5.2.1
<?php
mail("test@domain(dot)com", "Test\r\n \nAnother-Header: Blub", "Message");
?>