Solve : Email injection or someone playing games??

Hi,

I have set up on my website a comments/feedback form, via a php menu system. The feedback is then sent via email, as part of the php forms function directly to me.

Recently I have been getting the following in my emails:

From: gcnjgfzoyp
E-Mail: [emailprotected]
Comments: ux3lye http://dkjyjiacqczz.com/\">dkjyjiacqczz[/url], behomdnfkvsd, [link=http://eyqrdadyimjt.com/]eyqrdadyimjt[/link], http://dvxlpproknfu.com/
Operating system: jREClmxpNwpJ
Further inclusion: ux3lye http://dkjyjiacqczz.com/\">dkjyjiacqczz[/url], behomdnfkvsd, [link=http://eyqrdadyimjt.com/]eyqrdadyimjt[/link], http://dvxlpproknfu.com/

It's always in the same format of nonsense addresses and URLs.

Does this look to you like an email injection, or someone playing around?

Can you post the code you have?

Code on the HTML page is:


Name
Comments
If you would like a personal response please submit your email below
Email
Would you let me know your operating system, so that I can see who the main users of my site are?
My operating system is
Anything missing from my site at all?
I would like to see the following added to your site

Code for the php page is:

<?php
error_reporting(E_ALL);
$to = "[emailprotected]";
$subject = "Website Submission .eu";
// Read the submitted form fields
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$comments = $_POST['comments'];
$os = $_POST['os'];
$moredetails = $_POST['moredetails'];
// All form input is placed in the message body
$body = "From: $name_field\n E-Mail: $email_field\n Comments: $comments\n Operating system: $os\n Further inclusion: $moredetails\n";
mail($to, $subject, $body);
header("Location: http://www.macandpctips.eu/thankyou.html");
?>


Quote from: pcwizard on October 12, 2008, 11:11:25 AM

<?php
error_reporting(E_ALL);
$to = "[emailprotected]";
$subject = "Website Submission .eu";
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$comments = $_POST['comments'];
$os = $_POST['os'];
$moredetails = $_POST['moredetails'];
$body = "From: $name_field\n E-Mail: $email_field\n Comments: $comments\n Operating system: $os\n Further inclusion: $moredetails\n";
mail($to, $subject, $body);

The problem is in here.
Try this:

<?php
error_reporting(E_ALL);
$to = "[emailprotected]";
$subject = "Website Submission .eu";
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$comments = $_POST['comments'];
$os = $_POST['os'];
$message = $_POST['moredetails'];
$headers = "From: $name_field\r\nE-Mail: $email_field\r\nComments: $comments\r\nOperating system: $os";
mail($to, $subject, $message, $headers);

Any luck?

Thanks, I'll amend, upload and let you know if anything comes through.

Thanks for your help.

No problem.

BTW, this might make a difference. It could be someone fooling around, but that line looked suspect.
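
The suggested change above passes form fields to mail() as its fourth argument, the additional-headers string, where a CR or LF inside a field begins a new header line; the original script kept all input in the body. As an added example (not code from the thread), this handler keeps the fields in the body, rejects line breaks in single-line fields, lets only a validated address into a header, and drops submissions matching the link-spam pattern quoted above. The function names, the example.com addresses and the two-URL threshold are assumptions.

```php
<?php
// Added example: helper names are hypothetical; addresses are placeholders.

// True if a value contains CR or LF, which would let it start a new header line.
function has_line_break(string $value): bool {
    return preg_match('/[\r\n]/', $value) === 1;
}

// Heuristic for the spam quoted in the thread: several URLs or BBCode-style link tags.
function looks_like_link_spam(string $text): bool {
    $urls = preg_match_all('~https?://~i', $text);
    $bbcode = preg_match('~\[(url|link)[=\]]|\[/(url|link)\]~i', $text);
    return $urls >= 2 || $bbcode === 1;
}

// Returns [to, subject, body, headers] for mail(), or null if the submission is rejected.
function build_feedback_mail(array $post): ?array {
    $f = [];
    foreach (['name', 'email', 'comments', 'os', 'moredetails'] as $key) {
        $f[$key] = trim((string)($post[$key] ?? ''));
    }
    // Single-line fields must never carry line breaks.
    foreach (['name', 'email', 'os'] as $key) {
        if (has_line_break($f[$key])) {
            return null;
        }
    }
    if (looks_like_link_spam($f['comments']) || looks_like_link_spam($f['moredetails'])) {
        return null;
    }
    // All user input goes in the body; headers start from a fixed value.
    $body = "From: {$f['name']}\nE-Mail: {$f['email']}\nComments: {$f['comments']}\n"
          . "Operating system: {$f['os']}\nFurther inclusion: {$f['moredetails']}\n";
    $headers = "From: webform@example.com"; // placeholder sender
    // The only user value allowed into a header is a syntactically valid address.
    if ($f['email'] !== '' && filter_var($f['email'], FILTER_VALIDATE_EMAIL)) {
        $headers .= "\r\nReply-To: {$f['email']}";
    }
    return ['webmaster@example.com', 'Website Submission', $body, $headers];
}

// Constructed sample input modelled on the spam quoted above, plus a normal submission.
$spam = ['name' => 'gcnjgfzoyp', 'email' => 'x@example.com',
         'comments' => 'ux3lye [link=http://example.com/]a[/link], http://example.org/'];
$ok = ['name' => 'Ann', 'email' => 'ann@example.com', 'comments' => 'Nice site', 'os' => 'Mac'];
var_dump(build_feedback_mail($spam) === null);
var_dump(build_feedback_mail($ok) !== null);
```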

