NYCPHP Meetup

NYPHP.org

[nycphp-talk] worm/virus's hammering feedback scripts?

Peter Sawczynec ps at pswebcode.com
Mon Sep 12 18:22:20 EDT 2005


What if unsanitized data including javascripting is inadvertently left
in the message body and the web site process goes on to show an HTML
page recap and confirmation back to the user, couldn't this pose an
issue regarding what is in the email body?

Peter

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of DeWitt, Michael
Sent: Monday, September 12, 2005 6:15 PM
To: 'NYPHP Talk'
Subject: Re: [nycphp-talk] worm/virus's hammering feedback scripts?




> -----Original Message-----
> From:	csnyder [SMTP:chsnyder at gmail.com]
> Sent:	Monday, September 12, 2005 3:49 PM
> To:	NYPHP Talk
> Subject:	Re: [nycphp-talk] worm/virus's hammering feedback
scripts?
> 
> On 9/12/05, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
> > Hi Billy:
> > 
> > On Mon, Sep 12, 2005 at 02:36:19PM -0400, Billy Reisinger wrote:
> > > In fact, the attacker can stop a mail message in the middle of the

> > > message body and begin an entirely new message!  For a more 
> > > thorough (and cogent) explanation of this vulnerability, head on 
> > > over to http://securephp.damonkohler.com/index.php/Email_Injection

> > > .
> > 
> > Huh?!  Insert headers in the middle of the message body?!  That 
> > doesn't make sense to me.  I believe you're misinterpreting the 
> > article you mention.  Perhaps I misunderstand things, but the way I 
> > see it, I can write "Content-Type: <whatever>" in the middle of 
> > message until my
> fingers
> > fall off and it won't have any impact.  The problem is inserting 
> > that
> into
> > the headers.
> > 
> 
> The article is dangerously ambiguous on this point, but I think you're

> right on here, Dan. In order to insert new MIME parts into the message

> body, you need to be able to set the boundary marker in the headers.
> 
> So the message body itself is safe, provided your headers are properly

> sanitized. _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
_______________________________________________
New York PHP Talk Mailing List
AMP Technology
Supporting Apache, MySQL and PHP
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org





More information about the talk mailing list