
Topic awaiting preservation: SecurePHP : Email Injection (Page 1 of 1)

 
poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 09-14-2005 23:04

The SecurePHP wiki has an interesting page about Email Injection.
If it can be of any help

Veneficuz
Paranoid (IV) Inmate

From: A graveyard of dreams
Insane since: Mar 2001

posted 09-14-2005 23:15

There was a thread about this recently at the Gurusnetwork for those interested.

_________________________
"There are 10 kinds of people; those who know binary, those who don't and those who start counting at zero"
- the Golden Ratio - Vim Tutorial -

Emperor
Maniac (V) Inmate

From: Cell 53, East Wing
Insane since: Jul 2001

posted 09-15-2005 04:02

Yeah, some simple checking of the email address should do it. Check out kuckus' contact page tutorial, which also appears to be secure against this:

http://www.gurusnetwork.com/tutorial/contact_page/

___________________
Emps

The Emperor dot org | Revenant: The Zombie Magazine | Wonders | Justice for Pat Richard | FAQs: Emperor | Site Reviews | Reception Room

if I went 'round saying I was an Emperor just because some moistened bint had lobbed a scimitar at me, they'd put me away!
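The injection the thread is about, as an added example (not code from the SecurePHP wiki, from kuckus' tutorial, or from anyone in this thread): a contact script that pastes the sender's address straight into the `additional_headers` argument of `mail()`, beside a hardened version that refuses any CR or LF in a single-line field and validates the address. The field names, the `send_contact_mail_*()` helpers and the probe submission are my own assumptions; the constructed probe mimics the shape of a bot's attempt, with a full header block (including a `Bcc:`) stuffed into the email field. `mail()` itself is left commented out so the script runs offline.

```php
<?php
// Added example, not code from the thread or the SecurePHP wiki.
// Classic email header injection: a CRLF inside the "email" field lets
// the sender append arbitrary headers (Bcc:, Cc:, To:, ...) to the
// message, turning the contact form into a spam relay.

function send_contact_mail_vulnerable(array $post, string $to): string
{
    // What a naive contact script passes to mail(): user input, unchecked.
    $headers = "From: " . $post['email'] . "\r\n"
             . "Reply-To: " . $post['email'] . "\r\n";
    // mail($to, $post['subject'], $post['message'], $headers);
    return $headers; // returned so the effect can be inspected without sending
}

// A value destined for a header line may never contain a line break.
function contains_newline(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

function is_safe_email(string $email): bool
{
    if (contains_newline($email)) {
        return false;
    }
    // FILTER_VALIDATE_EMAIL also rejects whitespace and line breaks; the
    // explicit check above just makes the intent obvious in a code review.
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

function send_contact_mail_hardened(array $post, string $to): ?string
{
    foreach (['name', 'email', 'subject'] as $field) {
        if (contains_newline($post[$field] ?? '')) {
            error_log("contact form: newline in single-line field '$field', rejected");
            return null;
        }
    }
    if (!is_safe_email($post['email'] ?? '')) {
        error_log("contact form: invalid sender address, rejected");
        return null;
    }
    // Only From/Reply-To are built by hand; the address is now one line.
    $headers = "From: " . $post['email'] . "\r\n"
             . "Reply-To: " . $post['email'] . "\r\n";
    // mail($to, $post['subject'], $post['message'], $headers);
    return $headers;
}

// Constructed probe (addresses are placeholders): the "email" field carries
// a header block of its own, including a Bcc: to the spam target.
$probe = [
    'name'    => 'ywnhk',
    'email'   => "ywnhk@example.org\r\nBcc: spamtarget@example.net\r\nSubject: 89ba86a3",
    'subject' => 'hello',
    'message' => 'jcsasww',
];

echo "Vulnerable headers:\n" . send_contact_mail_vulnerable($probe, 'me@example.org') . "\n";
// The injected Bcc: line is now a real header of the outgoing mail.

$result = send_contact_mail_hardened($probe, 'me@example.org');
echo "Hardened: " . ($result === null ? "rejected" : "sent") . "\n";
```

The subject and recipient in this example are fixed by the script, so the only header-bound inputs are the address fields; that is also why the bot's probe quoted later in this thread produced nothing but a confused-looking mail. Run the hardened version on the probe and it is dropped at the first newline check, before `mail()` would ever be reached.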

Bugimus
Maniac (V) Mad Scientist

From: New California
Insane since: Mar 2000

posted 09-16-2005 17:16

I've placed a hidden field in my form and if it is filled out then I know an automated submission was used. That's been working for me pretty well.

: . . DHTML Slice Puzzle : . . .

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 09-16-2005 17:30

Bugimus: nice idea. I didn't think the robots were that dumb.

hyperbole
Paranoid (IV) Inmate

From: Madison, Indiana, USA
Insane since: Aug 2000

posted 09-16-2005 17:33

Bugimus said

quote:
I've placed a hidden field in my form and if it is filled out then I know an automated submission was used.



How does that work, Bugimus?

From what you said, it seems that when the user presses "Submit" the hidden field is not included in the data sent to the server. It's been a while since I worked with forms, but I thought hidden fields were one of the ways to pass data you don't want displayed on a page to the server along with the rest of the data in the form.




-- not necessarily stoned... just beautiful.

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 09-16-2005 17:54

hyperbole: Spam bots analyze the HTML code and try to fill all the fields and submit the form (by doing the HTTP request). Therefore if a hidden field is not empty, there's every chance that it's a spam bot.



(Edited by poi on 09-16-2005 17:56)

Bugimus
Maniac (V) Mad Scientist

From: New California
Insane since: Mar 2000

posted 09-16-2005 19:50

Precisely, poi. I was surprised they were that dumb too. It probably won't take long for them to learn this trick... especially with threads like this

: . . DHTML Slice Puzzle : . . .

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 09-16-2005 20:46

I already know the name of my next hidden field : i_am_a_robot_from_hell

Bugimus
Maniac (V) Mad Scientist

From: New California
Insane since: Mar 2000

posted 09-16-2005 21:27



: . . DHTML Slice Puzzle : . . .

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 09-17-2005 10:29

Just on a side note, the past several days I've gotten such emails from the webmail form I'm using on smarttab.org ...
Guess the fact that I'm receiving them means it's secure ;-)

quote:
Message: ywnhk@smarttab.org
Name: ywnhk@smarttab.org
Content-Type: multipart/mixed; boundary="===============0502806608=="
MIME-Version: 1.0
Subject: 89ba86a3
To: ywnhk@smarttab.org
bcc: PeiCanteenMc@aol.com
From: ywnhk@smarttab.org

This is a multi-part message in MIME format.

--===============0502806608==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

jcsasww
--===============0502806608==--

Email: ywnhk@smarttab.org


(The header itself is correct and uninteresting; they apparently didn't manage an injection. No wonder, since both subject and recipient are fixed.)

Now, don't ask me what anyone would gain from spamming jcsasww...

so long,

->Tyberius Prime

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 09-20-2005 11:02

This is getting worse and worse; we've a customer that regularly gets batches of about 30 of these emails.

With smarttab, the bot apparently always tries 3 times (I've received about a dozen of these mails in batches of three, all with the same time).

Suggestions?

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 09-20-2005 11:11

OK... how about a hidden field with an md5 or such of the current date (so that it changes regularly)?
If the field doesn't match on submit, we don't send an email, but report to some log...

Shouldn't exclude anyone and keep the stupid bots at bay.
Now, bots that transmit hidden fields intact... we'll have to think about this.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 09-20-2005 11:22

OK... hidden field changed || newline in one of the single-line fields: reject.

Anyone seeing problems with that?
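The checks proposed in this thread, as one added example (my own code, not smarttab's or anything anyone here posted): Bugimus' honeypot field that must come back empty, Tyberius Prime's hidden field derived from the current date, and the rule that a newline in a single-line field means reject. A rejected submission is logged instead of mailed. Two things go beyond what the posts say and are my choices: the token is keyed with a server-side secret rather than a bare md5 of the date, so a bot that has read the date cannot compute it, and both today's and yesterday's token are accepted so a form loaded just before midnight still submits. The field names, `FORM_SECRET` and the sample submissions are assumptions.

```php
<?php
// Added example, not code from the thread. Combines the honeypot field,
// the date-derived hidden token and the newline rule into one gatekeeper.

const FORM_SECRET = 'replace-with-a-long-random-server-side-secret'; // assumption

// Token for a given day. Keying it with a secret (HMAC) instead of a plain
// md5(date) means the bot cannot regenerate it from the date alone.
function form_token(string $day): string
{
    return hash_hmac('sha256', $day, FORM_SECRET);
}

// Accept today's and yesterday's token so a form loaded shortly before
// midnight is not rejected when it is submitted a minute later.
function token_is_current(string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([0, 86400] as $age) {
        $day = gmdate('Y-m-d', $now - $age);
        if (hash_equals(form_token($day), $token)) {
            return true;
        }
    }
    return false;
}

// Hidden inputs to embed in the form. The honeypot is a text input hidden
// by CSS rather than type="hidden": bots fill every input they find, a
// human never sees it and so leaves it empty.
function hidden_fields(?int $now = null): string
{
    $token = form_token(gmdate('Y-m-d', $now ?? time()));
    return '<input type="hidden" name="form_token" value="' . htmlspecialchars($token) . '">' . "\n"
         . '<div style="display:none"><input type="text" name="i_am_a_robot_from_hell" value=""></div>';
}

// Returns null when the submission looks legitimate, otherwise the reason
// to write to the log. Nothing is mailed for a rejected submission.
function reject_reason(array $post, ?int $now = null): ?string
{
    if (($post['i_am_a_robot_from_hell'] ?? '') !== '') {
        return 'honeypot field filled';
    }
    if (!token_is_current($post['form_token'] ?? '', $now)) {
        return 'hidden token missing or stale';
    }
    foreach (['name', 'email', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', $post[$field] ?? '')) {
            return "newline in single-line field $field";
        }
    }
    return null;
}

// Constructed submissions for illustration (placeholder addresses).
$now = time();
$human = [
    'form_token'             => form_token(gmdate('Y-m-d', $now)),
    'i_am_a_robot_from_hell' => '',
    'name'                   => 'Alice',
    'email'                  => 'alice@example.org',
    'subject'                => 'hi',
];
$bot = $human;
$bot['i_am_a_robot_from_hell'] = 'alice@example.org'; // bots fill everything
$stale = $human;
$stale['form_token'] = form_token('2005-09-14');      // token from another day
$injector = $human;
$injector['email'] = "alice@example.org\r\nBcc: spamtarget@example.net";

foreach (['human' => $human, 'bot' => $bot, 'stale' => $stale, 'injector' => $injector] as $label => $post) {
    $reason = reject_reason($post, $now);
    echo $label . ': ' . ($reason === null ? 'send mail' : "log and drop ($reason)") . "\n";
}
```

Only the first of the four sample submissions gets mailed. As Tyberius Prime notes, a bot that sends hidden fields back unchanged passes the token check; the honeypot and the newline rule are what stop that one, and the honeypot only works until the bots learn to leave a specific field alone.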

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted 09-20-2005 12:11

TP, that is exactly the same kind of email I got. See: weird website spam

it even uses the same aol email: PeiCanteenMc@aol.com

