[nycphp-talk] Phundamentals Title Change: Email Header Injection
Jeff Siegel
jsiegel1 at optonline.net
Mon Sep 19 06:47:40 EDT 2005
Point well taken and I believe it was Dan C. who noted the need to not rely
on that list of "known" email addresses.
Jeff
_____
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Billy Reisinger
Sent: Sunday, September 18, 2005 6:57 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Phundamentals Title Change: Email Header Injection
My 2 cents about the content of the post are:
"Grep through your mail server logs for the list of emails, using a command
something like this:
grep -f exploitaddresses.lst /var/log/maillog
(or wherever your mail log is located)
If any are found, cross reference the time of the mailing to times in your
web server logs to help determine the exploitable script. Modify any such
scripts to properly filter input fields, with a function something like
this:"
I think you should encourage everyone to fix their script, not just those
who find the email addresses you listed in their logs. As someone succinctly
pointed out in the thread about this injection attack, the email addresses
being used for this attack are most likely subject to change. People should
be safeguarding their scripts as a precautionary measure, not as a band-aid
after the fact.
Cheers!
Billy Reisinger
On Sep 18, 2005, at 2:02 PM, Jeff Siegel wrote:
The title of the most recent PHundamentals article has been changed to
"Email Header Injection."
See: http://www.nyphp.org/phundamentals/email_header_injection.php
Jeff
_______________________________________________
New York PHP Talk Mailing List
AMP Technology
Supporting Apache, MySQL and PHP
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20050919/7c9469e2/attachment.html>
More information about the talk
mailing list