httpd-users
RE: [users@httpd] Web form spam attack
by Jason Lieurance
Nov 30 2005 1:11PM
Hans Zaunere said:
> New York PHP has developed a PHundamental to address this:
>
> http://www.nyphp.org/phundamentals/email_header_injection.php

Thanks, but where do I apply it? Here is the code (don't laugh):

************************************************************************
<?php
$title = "Contact Form";
include ("inc/top.php");

// $mailto and $E1..$E5 are not set anywhere in this file.
if ($mailto != "") {
    echo "<h1> You have selected to E-mail $mailto.  Please fill out the form below.</h1>";
} else {
    echo "<h1>
Please fill out the form below.
</h1> ";
    $mailto = $E1;
    $message = "Please contact us either by this form, by mail, or phone.  We are anxious to here from you!";
}

// Pick the intro text that matches the selected recipient.
if ($mailto == "") {
} else if ($mailto == $E2) {
    $message = "Contact the editor with any questions or comments that you may have..";
} else if ($mailto == $E3) {
    $message = "Contact our advertising department with any questions or comments concerning placing an ad or for more advertisement information..";
} else if ($mailto == $E4) {
    $message = "We are always looking for smiling faces!  Please contact us using the form below or E-mail us directly at $E4.  For a faster response please include your resume.";
} else if ($mailto == $E5) {
    $message = "You may contact our business department with any questions that concerning your subscripion.";
}

// The form posts to thanks.php; the recipient address travels in the hidden "mailto" field.
echo "
<h2>
$message
</h2>
<form action=\"thanks.php\" method=\"post\">
<input type=\"hidden\" name=\"mailto\" value=\"$mailto\" />
<table summary=\"Contact info\">
<tr> <td>Name:</td>
<td> <input type=\"text\" name=\"name\" size=\"30\" maxlength=\"30\"></td></tr>
<tr> <td>Email:</td>
<td> <input type=\"text\" name=\"email\" size=\"30\" maxlength=\"30\"></td></tr>
<tr> <td>Question:</td>
<td> </td></tr>
<tr> <td colspan=\"2\"><textarea cols=\"40\" rows=\"10\" name=\"question\"> </textarea></td></tr>
<tr> <td></td><td align=\"right\"><input type=\"submit\" name=\"Submit\"></td></tr>
</table> </form>
";
include ("$WebRoot/inc/footer.php");


Thanks, Jason



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html>  for more info.
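
Added example (not part of the original post, and not the NYPHP code): header checks go in the script that turns the posted fields into a message, which for this form is the action target, thanks.php. The post does not show that script, so this sketch assumes it passes the posted mailto, name and email values to mail(); RECIPIENTS, header_safe, build_mail and all addresses are hypothetical.

```php
<?php
// Added example, not the poster's code. Keys and addresses are placeholders.
const RECIPIENTS = [
    'general'     => 'info@example.com',
    'editor'      => 'editor@example.com',
    'advertising' => 'ads@example.com',
];

// True when a value bound for a mail header holds no CR, LF or NUL.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns [to, subject, body, headers] for mail(), or null to reject the post.
function build_mail(array $post): ?array
{
    foreach (['mailto', 'name', 'email', 'question'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;
        }
    }
    // The client sends only a key; the address is chosen server-side.
    if (!array_key_exists($post['mailto'], RECIPIENTS)) {
        return null;
    }
    $name  = $post['name'];
    $email = $post['email'];
    if (!header_safe($name) || !header_safe($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $to      = RECIPIENTS[$post['mailto']];
    $headers = "From: $to\r\nReply-To: $email";
    return [$to, "Contact form: $name", $post['question'], $headers];
}

// Constructed inputs: one normal post, one with a header smuggled into "email".
$ok  = ['mailto' => 'editor', 'name' => 'Pat', 'email' => 'pat@example.org',
        'question' => 'When is the next issue out?'];
$bad = ['email' => "pat@example.org\r\nBcc: other@example.net"] + $ok;

foreach (['ok' => $ok, 'bad' => $bad] as $label => $post) {
    $m = build_mail($post);
    // A real handler would call mail($m[0], $m[1], $m[2], $m[3]) here.
    echo $label, ': ', $m === null ? 'rejected' : "would send to {$m[0]}", "\n";
}
```

With this layout the form's hidden field would carry a key such as "editor" instead of an address, so a posted mailto value can never name an arbitrary recipient.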