Feedback Form
PHP Code
| Average Score | 5.7 |
| Scores Submitted | 3 |
| Date Added | Dec 30, 2006 |
| Last Updated | Jan 01, 2007 |
| Tags | email feedback form php |
Introduction
PHP Snippet:
Feedback Form
Posted on Dec 30, 2006 8:14 pm
not bad not bad... :P good job :P
Posted on Dec 30, 2006 8:29 pm
This code is exploitable. Somebody can add header information to the Subject field to send email to anybody they wish.
Posted on Dec 30, 2006 9:45 pm
yes but who would know how to do that? :P
Posted on Dec 31, 2006 12:16 am
It's actually a very common exploit. There are bots that attempt to exploit contact forms constantly.
Posted on Dec 31, 2006 1:14 am
5/10 because you try hard :P
Posted on Dec 31, 2006 2:37 am
Actually Hawkee, the 'email' input field is telling the person who gets the email the email address of the person who sent it. Basically, if you changed the 'user@host.com' to blah@blah.net and put the email blah@yahoo.com for the email, and blah for the subject and blah for the body, it would send the subject, blah, the message, blah, and it would have 'From: theemailentered'. It also checks if the email is valid. :D
Posted on Jan 1, 2007 12:03 am
I usually base64 encode the body of an email. It's also possible to exploit certain mail servers through the message field. Encoding the text will prevent this. The problem with headers being added in the subject can be fixed by stripping newline characters from the subject:
// Strip CR and LF so the subject cannot carry extra header lines
$subject = str_replace(array("\n", "\r"), array('', ''), $subject);
// Extra headers all go in the fourth argument, separated by CRLF
mail("name@host.com", "Subject: $subject", base64_encode($message),
     "From: $email\r\nContent-Transfer-Encoding: base64");
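A fuller version of the fix discussed in this thread, as an added example that is not the snippet's or any poster's own code: it rejects line breaks in every field that reaches a header, validates the address, and declares the base64 body in the headers. The function name, the fixed sender address with Reply-To, the "Feedback:" subject prefix and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; function name, sender address and samples are constructed.

/**
 * Validate feedback-form fields and build the arguments for mail().
 * Returns [to, subject, body, headers], or null if the input is rejected.
 */
function build_feedback_mail(string $email, string $subject, string $message): ?array
{
    // Reject (rather than silently strip) CR/LF in anything placed in a header.
    foreach ([$email, $subject] as $field) {
        if (preg_match('/[\r\n]/', $field)) {
            return null;
        }
    }
    // filter_var() rejects malformed addresses.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Fixed sender in From; the visitor's address only appears in Reply-To.
    $headers = implode("\r\n", [
        'From: feedback@example.test',
        "Reply-To: $email",
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: base64',
    ]);
    // chunk_split() wraps the base64 text at 76 characters, as MIME requires.
    $body = chunk_split(base64_encode($message));
    return ['name@host.com', "Feedback: $subject", $body, $headers];
}

// Constructed inputs: one ordinary, one with a line break inside the subject.
$samples = [
    ['visitor@example.test', 'Nice site', "Thanks for the snippet.\nIt works."],
    ['visitor@example.test', "Nice site\r\nX-Constructed: 1", 'body'],
];
foreach ($samples as [$email, $subject, $message]) {
    $args = build_feedback_mail($email, $subject, $message);
    if ($args === null) {
        echo 'rejected: ', json_encode($subject), "\n";
        continue;
    }
    // A live form handler would call mail(...$args) here.
    echo "accepted: {$args[1]}\n{$args[3]}\n\n{$args[2]}\n";
}
```

Rejecting the request outright, instead of stripping the characters, also gives the form a clear event to log when something submits a line break in a single-line field.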
Posted on Jan 1, 2007 1:38 am
Ah, I see. I just updated it! Thanks tye.




